CVE-2024-3858: Null Pointer Dereference
Published Apr 16, 2024
·Updated
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it.
Affected Software
3 affected componentsFixes available
Mozilla Firefox<125
125
Mozilla Firefox<125.0
debian/firefox
138.0.1-1
Event History
Apr 16, 2024
CVE Published
via Mozilla·12:00 AM
CVE Published
via MITRE·03:14 PM
Data Sourced
via MITRE·03:14 PM
DescriptionWeakness
May 2, 2024
Data Sourced
via Launchpad·07:33 AM
Description
Sep 15, 2024
Data Sourced
via Ubuntu·07:53 AM
RemedyDescriptionSeverityAffected Software
Peer vulnerabilities
Found alongside the following vulnerabilities.
Frequently Asked Questions
1
What is the severity of CVE-2024-3858?
CVE-2024-3858 has been classified as a high severity vulnerability due to its potential to crash the Just-In-Time (JIT) compiler.
2
How do I fix CVE-2024-3858?
To mitigate CVE-2024-3858, users should upgrade to Mozilla Firefox version 125 or later.
3
Which versions of Firefox are affected by CVE-2024-3858?
CVE-2024-3858 affects all versions of Firefox prior to version 125.
4
Can CVE-2024-3858 be exploited remotely?
Yes, CVE-2024-3858 can potentially be exploited remotely, allowing attackers to cause application crashes.
5
What is the impact of exploiting CVE-2024-3858?
Exploiting CVE-2024-3858 can lead to a denial of service in Firefox by crashing the JIT compiler.