CVE-2024-8385

Description

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Mozilla / Firefoxunspecified – 130
Mozilla / Firefox ESRunspecified – 128.2
Mozilla / Thunderbirdunspecified – 128.2

References

MISChttps://bugzilla.mozilla.org/show_bug.cgi?id=1911909
VENDOR_ADVISORYhttps://www.mozilla.org/security/advisories/mfsa2024-39/
VENDOR_ADVISORYhttps://www.mozilla.org/security/advisories/mfsa2024-40/
VENDOR_ADVISORYhttps://www.mozilla.org/security/advisories/mfsa2024-43/