{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8384", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2024-09-03T06:39:10.177Z", "datePublished": "2024-09-03T12:32:18.656Z", "dateUpdated": "2024-09-06T18:31:03.084Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "130", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "128.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "115.15", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "128.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "115.15", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15."}]}], "problemTypes": [{"descriptions": [{"description": "Garbage collection could mis-color cross-compartment objects in OOM conditions", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1911288"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-39/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-40/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-41/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-43/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-44/"}], "credits": [{"lang": "en", "value": "the Mozilla Fuzzing Team"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-09-06T18:31:03.084Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "affected": [{"vendor": "mozilla", "product": "firefox", "cpes": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "130", "versionType": "custom"}]}, {"vendor": "mozilla", "product": "firefox_esr", "cpes": ["cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "128.2", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "115.15", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-03T15:49:08.611457Z", "id": "CVE-2024-8384", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T15:50:38.505Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-8384", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-03T15:49:08.611457Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"], "vendor": "mozilla", "product": "firefox", "versions": [{"status": "affected", "version": "0", "lessThan": "130", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"], "vendor": "mozilla", "product": "firefox_esr", "versions": [{"status": "affected", "version": "0", "lessThan": "128.2", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "115.15", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T15:50:32.412Z"}}], "cna": {"credits": [{"lang": "en", "value": "the Mozilla Fuzzing Team"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "130", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "128.2", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "115.15", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "128.2", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "115.15", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1911288"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-39/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-40/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-41/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-43/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-44/"}], "descriptions": [{"lang": "en", "value": "The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.", "supportingMedia": [{"type": "text/html", "value": "The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Garbage collection could mis-color cross-compartment objects in OOM conditions"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-09-06T18:31:03.084Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8384", "state": "PUBLISHED", "dateUpdated": "2024-09-06T18:31:03.084Z", "dateReserved": "2024-09-03T06:39:10.177Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2024-09-03T12:32:18.656Z", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "87E41A09-924E-494F-BDF3-8C17EF330178", "versionEndExcluding": "130.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "1208DB6D-68A1-41C1-9C57-7C1C16F32229", "versionEndExcluding": "115.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D8B478B-4E42-4B63-B62E-D788C298047D", "versionEndExcluding": "128.2", "versionStartIncluding": "128.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15."}, {"lang": "es", "value": "El recolector de elementos no utilizados de JavaScript podr\u00eda colorear incorrectamente los objetos entre compartimentos si se detectaran condiciones de OOM en el punto correcto entre dos pasadas. Esto podr\u00eda haber provocado una corrupci\u00f3n de la memoria. Esta vulnerabilidad afecta a Firefox &lt; 130, Firefox ESR &lt; 128.2 y Firefox ESR &lt; 115.15."}], "id": "CVE-2024-8384", "lastModified": "2024-09-06T17:15:17.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-09-03T13:15:05.743", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1911288"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2024-39/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2024-40/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2024-41/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2024-43/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2024-44/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6838", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:128.2.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2024-09-19T00:00:00Z"}, {"advisory": "RHSA-2024:6682", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.2.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6684", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.2.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6723", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.2.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6721", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.2.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6721", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:128.2.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6721", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:128.2.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6816", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.2.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-09-19T00:00:00Z"}, {"advisory": "RHSA-2024:6719", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:128.2.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6681", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.2.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6683", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.2.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-16T00:00:00Z"}, {"advisory": "RHSA-2024:6722", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.2.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6720", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:128.2.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-17T00:00:00Z"}], "bugzilla": {"description": "mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions", "id": "2309430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309430"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.", "The Mozilla Foundation's Security Advisory: The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption."], "name": "CVE-2024-8384", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-09-03T13:15:05Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-8384\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-8384\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1911288\nhttps://www.mozilla.org/security/advisories/mfsa2024-39/\nhttps://www.mozilla.org/security/advisories/mfsa2024-40/\nhttps://www.mozilla.org/security/advisories/mfsa2024-41/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}