CVE-2024-29943

CVSS 9.8 CRITICALEPSS 22.9%CWE-125 CWE-787

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Mozilla · Firefox

public PoCs found — 2

githubgithub.com/bjrjk/CVE-2024-29943★ 95 githubgithub.com/seadragnol/CVE-2024-29943★ 2

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1886849 https://www.mozilla.org/security/advisories/mfsa2024-15/http://www.openwall.com/lists/oss-security/2024/03/23/1