CVE-2024-3853 | THREATINT

Assigner	mozilla
Reserved	2024-04-15
Published	2024-04-16
Updated	2024-06-11

Description

A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.

Problem types

Use-after-free if garbage collection runs during realm initialization

Product status

Any version before 125

affected

Credits

Gary Kwong

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1884427

https://www.mozilla.org/security/advisories/mfsa2024-18/

cve.org CVE-2024-3853

nvd.nist.gov CVE-2024-3853

Download JSON