Analysis Summary

CVE-2024-3865 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-3864 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-3863 CVSS:6.5

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to present the executable file warning when downloading .xrm-ms files. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-3862 CVSS:6.5

Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the potential use of uninitialized memory in MarkStack assignment operator on self-assignment. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-3302 CVSS:6.5

Mozilla Firefox is vulnerable to a denial of service, caused by the failure to limit the number of HTTP/2 CONTINUATION frames that would be processed. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause an Out of Memory condition in the browser.

CVE-2024-3860 CVSS:6.5

Mozilla Firefox is vulnerable to a denial of service, caused by an out-of-memory condition during object initialization when tracing empty shape lists. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.

CVE-2024-3858 CVSS:6.5

Mozilla Firefox is vulnerable to a denial of service, caused by a corrupt pointer dereference in js::CheckTracedThing<js::Shape>. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.

CVE-2024-3861 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free due to AlignedBuffer self-move. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-3859 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an integer-overflow that led to an out-of-bounds-read in the OpenType sanitizer. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-3856 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WASM garbage collection. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-3855 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read related to the JIT incorrectly optimizing MSubstr operations. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-3857 CVSS:6.5

Mozilla Firefox is vulnerable to a denial of service, caused by the incorrect JITting of arguments leading to a use-after-free during garbage collection. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.

CVE-2024-3854 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read after mis-optimized switch statement. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-3852 CVSS:6.5

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by GetBoundName in the JIT returned the wrong object. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-3853 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free if garbage collection runs during realm initialization. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.