What is the severity of CVE-2024-3857?

CVE-2024-3857 has the potential for significant impact as it may lead to use-after-free crashes in affected software.

How do I fix CVE-2024-3857?

To fix CVE-2024-3857, update to the latest versions of the affected software, such as Firefox and Thunderbird, specifically beyond version 115.10.

Which products are affected by CVE-2024-3857?

CVE-2024-3857 affects versions of Firefox, Thunderbird, Firefox ESR, and the corresponding Debian packages up to version 115.10.

What causes the CVE-2024-3857 vulnerability?

The vulnerability in CVE-2024-3857 is caused by the JIT compiler generating incorrect code for arguments, resulting in potential crashes.

How can I check if my software is affected by CVE-2024-3857?

You can check if your software is affected by CVE-2024-3857 by comparing your installed version of Firefox or Thunderbird against the mentioned vulnerable versions.

Vulnerability/
CVE-2024-3857

high

7.8

CWE

416

EPSS

0.044%

16/4/2024

1/4/2025

CVE-2024-3857: Use After Free

First published: Tue Apr 16 2024(Updated: )

Last updated 24 July 2024

Credit: security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
redhat/firefox	<115.10	115.10
redhat/thunderbird	<115.10	115.10
Thunderbird	<115.10	115.10
Firefox	<125	125
Firefox ESR	<115.10	115.10
Firefox	<115.10
Firefox	<125.0
Thunderbird	<115.10
Debian Linux	=10.0
debian/firefox		137.0.2-1
debian/firefox-esr		115.14.0esr-1~deb11u1 128.9.0esr-1~deb11u1 128.8.0esr-1~deb12u1 128.9.0esr-1~deb12u1 128.9.0esr-2
debian/thunderbird		1:115.12.0-1~deb11u1 1:128.9.0esr-1~deb11u1 1:128.8.0esr-1~deb12u1 1:128.9.0esr-1~deb12u1 1:128.9.0esr-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2024-3857?
CVE-2024-3857 has the potential for significant impact as it may lead to use-after-free crashes in affected software.
How do I fix CVE-2024-3857?
To fix CVE-2024-3857, update to the latest versions of the affected software, such as Firefox and Thunderbird, specifically beyond version 115.10.
Which products are affected by CVE-2024-3857?
CVE-2024-3857 affects versions of Firefox, Thunderbird, Firefox ESR, and the corresponding Debian packages up to version 115.10.
What causes the CVE-2024-3857 vulnerability?
The vulnerability in CVE-2024-3857 is caused by the JIT compiler generating incorrect code for arguments, resulting in potential crashes.
How can I check if my software is affected by CVE-2024-3857?
You can check if your software is affected by CVE-2024-3857 by comparing your installed version of Firefox or Thunderbird against the mentioned vulnerable versions.

agent/type
agent/first-publish-date
agent/weakness
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-3857
agent/software-canonical-lookup
agent/author
collector/launchpad-cve
source/Launchpad
collector/epss-latest
source/FIRST
agent/epss
agent/severity
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/references
agent/description
collector/nvd-cve
source/NVD
agent/last-modified-date
agent/trending
agent/source
collector/mozilla-advisory
source/Mozilla
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
agent/event
collector/security-tracker-debian
source/Debian
collector/nvd-api
package-manager/redhat
vendor/mozilla
canonical/thunderbird
canonical/firefox
canonical/firefox esr
package-manager/debian
vendor/debian
canonical/debian linux
version/debian linux/10.0