CVE-2024-8384

Summary

CVE-2024-8384 is a critical vulnerability affecting versions of Firefox prior to 130, Firefox ESR before 128.2 and 115.15, as well as Thunderbird versions below 128.2 and 115.15. The issue arises from the JavaScript garbage collector potentially mis-coloring cross-compartment objects during out-of-memory (OOM) conditions, leading to memory corruption risks. This vulnerability poses a high impact on confidentiality, integrity, and availability, with an exploitability score of 3.9 and a base severity rating of 9.8. To remediate this vulnerability, users should update their Firefox or Thunderbird installations to the latest versions that address this issue. Organizations using affected products are advised to act promptly due to the potential for significant security breaches through network exploitation without user interaction required.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.