An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
CVE-2024-7652 - High Severity Vulnerability
Vulnerable Library - icecaticecat-60.3.0-gnu1
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/icecat?wsslib=icecat
Found in base branch: main
Vulnerable Source Files (2)
/src/third_party/mozjs-60/extract/js/src/vm/AsyncIteration.cpp
/src/third_party/mozjs-60/extract/js/src/vm/AsyncIteration.cpp
Vulnerability Details
Publish Date: 2024-09-06
URL: CVE-2024-7652
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Release Date: 2024-09-06
Fix Resolution: 1ab696252ab8e31e5b7a70b1de4cee87755da02c