What is the severity of CVE-2024-3854?

CVE-2024-3854 has been classified with a high severity due to its potential for causing out-of-bounds reads.

How do I fix CVE-2024-3854?

To fix CVE-2024-3854, users should update to the latest version of affected software such as Firefox, Thunderbird, or Firefox ESR, depending on their distribution.

Which versions are affected by CVE-2024-3854?

CVE-2024-3854 affects Firefox and Thunderbird versions earlier than 115.10, as well as Firefox ESR versions earlier than 115.10.

What products are impacted by CVE-2024-3854?

CVE-2024-3854 impacts Mozilla's Firefox, Firefox ESR, and Thunderbird across various Linux distributions.

Is there a workaround for CVE-2024-3854?

Currently, the best approach for mitigating CVE-2024-3854 is to upgrade to a patched version of the affected software.

Vulnerability/
CVE-2024-3854

high

8.8

CWE

125

EPSS

0.044%

16/4/2024

21/11/2024

CVE-2024-3854

First published: Tue Apr 16 2024(Updated: )

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads.

Credit: security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
redhat/firefox	<115.10	115.10
redhat/thunderbird	<115.10	115.10
Thunderbird	<115.10	115.10
Firefox	<125	125
Firefox ESR	<115.10	115.10
debian/firefox		135.0.1-1
debian/firefox-esr		115.14.0esr-1~deb11u1 128.7.0esr-1~deb11u1 128.5.0esr-1~deb12u1 128.7.0esr-1~deb12u1 128.7.0esr-1
debian/thunderbird		1:115.12.0-1~deb11u1 1:128.7.0esr-1~deb11u1 1:128.5.0esr-1~deb12u1 1:128.7.0esr-1~deb12u1 1:128.7.0esr-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2024-3854?
CVE-2024-3854 has been classified with a high severity due to its potential for causing out-of-bounds reads.
How do I fix CVE-2024-3854?
To fix CVE-2024-3854, users should update to the latest version of affected software such as Firefox, Thunderbird, or Firefox ESR, depending on their distribution.
Which versions are affected by CVE-2024-3854?
CVE-2024-3854 affects Firefox and Thunderbird versions earlier than 115.10, as well as Firefox ESR versions earlier than 115.10.
What products are impacted by CVE-2024-3854?
CVE-2024-3854 impacts Mozilla's Firefox, Firefox ESR, and Thunderbird across various Linux distributions.
Is there a workaround for CVE-2024-3854?
Currently, the best approach for mitigating CVE-2024-3854 is to upgrade to a patched version of the affected software.

agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-3854
agent/software-canonical-lookup
agent/author
collector/launchpad-cve
source/Launchpad
collector/epss-latest
source/FIRST
agent/epss
agent/severity
agent/weakness
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/references
agent/description
collector/nvd-cve
source/NVD
agent/last-modified-date
collector/nvd-api
agent/trending
agent/source
collector/mozilla-advisory
source/Mozilla
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
package-manager/redhat
vendor/mozilla
canonical/thunderbird
canonical/firefox
canonical/firefox esr
package-manager/debian