CVE-2024-3854

Summary

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 125affected
MozillaFirefox ESRunspecified < 115.10affected
MozillaThunderbirdunspecified < 115.10affected

Weaknesses

  • Out-of-bounds-read after mis-optimized switch statement

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References