April 18, 2024
Severity
High
Analysis Summary
CVE-2024-3865 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-3864 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-3863 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to present the executable file warning when downloading .xrm-ms files. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-3862 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the potential use of uninitialized memory in the MarkStack assignment operator on self-assignment. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-3302 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by the failure to limit the number of HTTP/2 CONTINUATION frames that would be processed. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause an Out of Memory condition in the browser.
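CVE-2024-3302 is the client-side case of the HTTP/2 CONTINUATION flood: a peer keeps sending CONTINUATION frames without END_HEADERS and the receiver buffers them without bound. The following is an added example, not Mozilla's code or anything from the advisory, showing the check a receiver should enforce when reassembling a header block: cap both the number of CONTINUATION frames and the accumulated header-block size, and reject the block instead of growing memory. The limit values and the small frame builder are assumptions for the demo; PADDED and PRIORITY flags on HEADERS are not handled.

```python
import struct

FRAME_HEADER_LEN = 9
TYPE_HEADERS, TYPE_CONTINUATION = 0x1, 0x9
FLAG_END_HEADERS = 0x4

# Assumed limits (not from the advisory): a receiver must bound both the
# CONTINUATION frame count per header block and the accumulated block size.
MAX_CONTINUATION_FRAMES = 8
MAX_HEADER_BLOCK_BYTES = 64 * 1024


def frame(ftype, flags, stream_id, payload):
    """Build a raw HTTP/2 frame: 24-bit length, type, flags, 31-bit stream id."""
    length = struct.pack("!I", len(payload))[1:]
    return length + bytes([ftype, flags]) + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload


def read_header_block(data):
    """Reassemble one header block (HEADERS followed by CONTINUATION frames).
    Returns (header_block_bytes, frames_consumed); raises ValueError when the
    peer exceeds the CONTINUATION or size cap instead of buffering forever."""
    off, block, cont_count, stream = 0, bytearray(), 0, None
    while True:
        if len(data) - off < FRAME_HEADER_LEN:
            raise ValueError("truncated frame header (no END_HEADERS seen)")
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        sid = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame payload")
        off += FRAME_HEADER_LEN + length
        if stream is None:  # first frame of the block must be HEADERS
            if ftype != TYPE_HEADERS:
                raise ValueError("header block must start with HEADERS")
            stream = sid
        else:  # every following frame must be CONTINUATION on the same stream
            if ftype != TYPE_CONTINUATION or sid != stream:
                raise ValueError("expected CONTINUATION on stream %d" % stream)
            cont_count += 1
            if cont_count > MAX_CONTINUATION_FRAMES:
                raise ValueError("too many CONTINUATION frames")
        block += payload
        if len(block) > MAX_HEADER_BLOCK_BYTES:
            raise ValueError("header block too large")
        if flags & FLAG_END_HEADERS:
            return bytes(block), cont_count + 1


def accepts(data):
    """True if the header block reassembles within limits, False if rejected."""
    try:
        read_header_block(data)
        return True
    except ValueError:
        return False
```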
CVE-2024-3860 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by an out-of-memory condition during object initialization when tracing empty shape lists. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2024-3858 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by a corrupt pointer dereference in js::CheckTracedThing<js::Shape>. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2024-3861 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free due to AlignedBuffer self-move. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-3859 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an integer-overflow that led to an out-of-bounds-read in the OpenType sanitizer. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-3856 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WASM garbage collection. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-3855 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read related to the JIT incorrectly optimizing MSubstr operations. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-3857 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by the incorrect JITting of arguments leading to a use-after-free during garbage collection. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2024-3854 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read after a mis-optimized switch statement. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-3852 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by GetBoundName in the JIT returning the wrong object. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-3853 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free if garbage collection runs during realm initialization. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Impact
- Denial of Service
- Gain Access
- Security Bypass
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-3865
- CVE-2024-3864
- CVE-2024-3863
- CVE-2024-3862
- CVE-2024-3302
- CVE-2024-3860
- CVE-2024-3858
- CVE-2024-3861
- CVE-2024-3859
- CVE-2024-3856
- CVE-2024-3855
- CVE-2024-3857
- CVE-2024-3854
- CVE-2024-3852
- CVE-2024-3853
Affected Vendors
- Mozilla
Affected Products
- Mozilla Firefox 124.0.0
- Mozilla Firefox ESR 115.9
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.