CVE-2024-3852: High severity thunderbird vulnerability
Published Apr 16, 2024
·Updated
GetBoundName could return the wrong version of an object when JIT optimizations were applied.
Affected Software
11 affected componentsFixes available
redhat/firefox<115.10
115.10
redhat/thunderbird<115.10
115.10
Mozilla Thunderbird<115.10
115.10
Mozilla Firefox<125
125
Mozilla Firefox ESR<115.10
115.10
Mozilla Firefox<115.10
Mozilla Firefox<125.0
Mozilla Thunderbird<115.10
debian/firefox
138.0.1-1
debian/firefox-esr
115.14.0esr-1~deb11u1128.9.0esr-1~deb11u1128.8.0esr-1~deb12u1128.10.0esr-1~deb12u1128.9.0esr-2128.10.0esr-1
debian/thunderbird
1:115.12.0-1~deb11u11:128.10.0esr-1~deb11u11:128.8.0esr-1~deb12u11:128.10.0esr-1~deb12u11:128.9.0esr-11:128.10.0esr-1
Event History
Apr 16, 2024
CVE Published
via Mozilla·12:00 AM
CVE Published
via MITRE·03:14 PM
Data Sourced
via MITRE·03:14 PM
DescriptionWeakness
Apr 17, 2024
Data Sourced
via Red Hat·03:17 PM
DescriptionSeverityAffected Software
May 2, 2024
Data Sourced
via Launchpad·07:33 AM
Description
Sep 15, 2024
Data Sourced
via Ubuntu·07:53 AM
RemedyDescriptionSeverityAffected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
Frequently Asked Questions
1
What is the severity of CVE-2024-3852?
CVE-2024-3852 is classified as a medium severity vulnerability.
2
How do I fix CVE-2024-3852?
To fix CVE-2024-3852, upgrade to the patched versions of affected software as specified by the vendor.
3
What products are affected by CVE-2024-3852?
CVE-2024-3852 affects Mozilla Firefox, Firefox ESR, Thunderbird, as well as specific versions from Red Hat and Debian.
4
What kind of vulnerability is CVE-2024-3852?
CVE-2024-3852 is a vulnerability that allows GetBoundName to return the wrong version of an object due to JIT optimizations.
5
When was CVE-2024-3852 disclosed?
CVE-2024-3852 was disclosed in 2024 as part of Mozilla's security advisories.