Описание
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| firefox | fixed | 125.0.1-1 | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 2 года назад
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.
CVSS3: 7.5
nvd
почти 2 года назад
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.
CVSS3: 7.5
github
почти 2 года назад
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.
CVSS3: 4.3
fstec
почти 2 года назад
Уязвимость функции js::CheckTracedThing() JIT-компилятора браузера Mozilla Firefox, позволяющая нарушителю вызвать отказ в обслуживании