Описание
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-8381
- https://bugzilla.mozilla.org/show_bug.cgi?id=1912715
- https://lists.debian.org/debian-lts-announce/2024/09/msg00012.html
- https://lists.debian.org/debian-lts-announce/2024/09/msg00025.html
- https://www.mozilla.org/security/advisories/mfsa2024-39
- https://www.mozilla.org/security/advisories/mfsa2024-40
- https://www.mozilla.org/security/advisories/mfsa2024-41
- https://www.mozilla.org/security/advisories/mfsa2024-43
- https://www.mozilla.org/security/advisories/mfsa2024-44
Связанные уязвимости
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
A potentially exploitable type confusion could be triggered when looki ...
Уязвимость браузеров Firefox ESR и Firefox и почтового клиента Thunderbird, существующая из-за ошибки типов при поиске имени свойства в блоке «with», позволяющая нарушителю выполнить произвольный код