CVE-2024-2606: Incorrect Type Cast
Published Mar 19, 2024
·Updated
Last updated 24 July 2024
Other sources
Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values.
— Mozilla
Affected Software
3 affected componentsFixes available
Mozilla Firefox<124
124
Mozilla Firefox<124.0
debian/firefox
138.0.1-1
Event History
Mar 19, 2024
CVE Published
via Mozilla·12:00 AM
CVE Published
via MITRE·12:02 PM
Data Sourced
via MITRE·12:02 PM
DescriptionWeakness
Mar 28, 2024
Data Sourced
via Launchpad·08:18 AM
Description
Sep 16, 2024
Data Sourced
via Ubuntu·08:42 AM
RemedyDescriptionSeverityAffected Software
Peer vulnerabilities
Found alongside the following vulnerabilities.
Frequently Asked Questions
1
What is the severity of CVE-2024-2606?
CVE-2024-2606 is considered a high severity vulnerability due to the potential for arbitrary pointer manipulations.
2
How do I fix CVE-2024-2606?
To fix CVE-2024-2606, update Firefox to version 125 or newer, or apply the latest patch from your vendor.
3
What products are affected by CVE-2024-2606?
CVE-2024-2606 affects Mozilla Firefox versions up to 124 and the Debian package of Firefox version 134.0.2-3.
4
What could happen if CVE-2024-2606 is exploited?
Exploiting CVE-2024-2606 could lead to the creation of invalid WebAssembly values, which might allow for unauthorized access or crashes.
5
When was CVE-2024-2606 last updated?
CVE-2024-2606 was last updated on 24 July 2024.