CVE-2024-7652

Summary

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 128affected
MozillaFirefox ESRunspecified < 115.13affected
MozillaThunderbirdunspecified < 115.13affected
MozillaThunderbirdunspecified < 128affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References