CVE-2024-3861

Summary

If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 125affected
MozillaFirefox ESRunspecified < 115.10affected
MozillaThunderbirdunspecified < 115.10affected

Weaknesses

  • Potential use-after-free due to AlignedBuffer self-move

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References