CVE-2024-3860

Reference Links

• https://bugzilla.mozilla.org/show_bug.cgi?id=1881417
• https://www.mozilla.org/security/advisories/mfsa2024-18/
• https://launchpad.net/bugs/cve/CVE-2024-3860
• https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/
• https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860
• https://security-tracker.debian.org/tracker/CVE-2024-3860
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3860
• https://nvd.nist.gov/vuln/detail/CVE-2024-3860
• https://ubuntu.com/security/CVE-2024-3860

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2024-18

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2024-3852
• CVE-2024-5702
• CVE-2024-3853
• CVE-2024-3854
• CVE-2024-3855
• CVE-2024-3856
• CVE-2024-3857
• CVE-2024-3858
• CVE-2024-3859
• CVE-2024-3860
• CVE-2024-3861
• CVE-2024-3862
• CVE-2024-3863
• CVE-2024-3302
• CVE-2024-3864
• CVE-2024-3865

Frequently Asked Questions

• What is the severity of CVE-2024-3860?

  CVE-2024-3860 is classified as a high severity vulnerability due to the potential for crashes caused by an out-of-memory condition.

• How do I fix CVE-2024-3860?

  To mitigate CVE-2024-3860, update Mozilla Firefox to version 126 or later, or ensure that the Debian firefox package is updated to version 134.0.2-2 or higher.

• What impact does CVE-2024-3860 have on affected systems?

  CVE-2024-3860 can lead to application crashes when the JIT (Just-In-Time compiler) attempts to process objects with an empty shape list.

• Which software versions are affected by CVE-2024-3860?

  CVE-2024-3860 affects Mozilla Firefox versions up to 125 and the Debian firefox package versions earlier than 134.0.2-2.

• Is user data at risk with CVE-2024-3860?

  While CVE-2024-3860 primarily causes crashes, it does not indicate direct risk to user data but could lead to instability in the application.