CVE-2024-3853: Use After Free
Published Apr 16, 2024
A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started.
Affected Software
3 affected components · Fixes available
Mozilla Firefox < 125
125
Mozilla Firefox < 125.0
debian/firefox
137.0.2-1
Event History
Apr 16, 2024
CVE Published via Mozilla · 12:00 AM
CVE Published via MITRE · 03:14 PM
Data Sourced via MITRE · 03:14 PM (Description, Weakness)
May 2, 2024
Data Sourced via Launchpad · 07:33 AM (Description)
Sep 15, 2024
Data Sourced via Ubuntu · 07:53 AM (Remedy, Description, Severity, Affected Software)
Frequently Asked Questions
1. What is the severity of CVE-2024-3853?
The severity of CVE-2024-3853 is classified as high due to its potential to cause a use-after-free condition.
2. How do I fix CVE-2024-3853?
To fix CVE-2024-3853, update to Firefox version 125 or later.
3. Who is affected by CVE-2024-3853?
CVE-2024-3853 affects users of Mozilla Firefox versions prior to 125.
4. What causes CVE-2024-3853?
CVE-2024-3853 is caused by a use-after-free that can occur when a garbage collection starts while a JavaScript realm is still being initialized.
5. Is there a workaround for CVE-2024-3853?
There are no known effective workarounds for CVE-2024-3853, so updating is the best mitigation.