CVE-2024-8381

CVSS 9.8 CRITICALEPSS 4.4%CWE-843

Vexday Risk Score

48Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 4.4%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

03 Sep 2024Published on NVD

30 Jan 2025Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Mozilla · Firefox Mozilla · Firefox ESR Mozilla · Thunderbird

public PoCs found — 1

githubgithub.com/bjrjk/CVE-2024-8381★ 15

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1912715 https://lists.debian.org/debian-lts-announce/2024/09/msg00012.html https://lists.debian.org/debian-lts-announce/2024/09/msg00025.html https://www.mozilla.org/security/advisories/mfsa2024-39/https://www.mozilla.org/security/advisories/mfsa2024-40/https://www.mozilla.org/security/advisories/mfsa2024-41/https://www.mozilla.org/security/advisories/mfsa2024-43/https://www.mozilla.org/security/advisories/mfsa2024-44/