Search for vulnerabilities
Vulnerability details: VCID-5nn4-kvv6-ufd9
Vulnerability ID VCID-5nn4-kvv6-ufd9
Aliases CVE-2024-8384
Summary The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8384.json
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00446 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00511 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00523 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00523 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00523 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00523 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00523 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00523 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00523 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00523 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00572 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00572 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00572 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00572 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00572 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00572 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00609 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00609 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00609 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00609 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00609 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00609 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00609 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00609 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00609 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00678 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00678 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00678 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00678 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00678 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00678 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00678 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00678 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00678 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00678 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00678 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00678 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00678 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.01429 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2024-8384
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2024-8384
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-39
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-40
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-41
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-43
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-44
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8384.json
https://api.first.org/data/v1/epss?cve=CVE-2024-8384
https://bugzilla.mozilla.org/show_bug.cgi?id=1911288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8384
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://www.mozilla.org/security/advisories/mfsa2024-39/
https://www.mozilla.org/security/advisories/mfsa2024-40/
https://www.mozilla.org/security/advisories/mfsa2024-41/
https://www.mozilla.org/security/advisories/mfsa2024-43/
https://www.mozilla.org/security/advisories/mfsa2024-44/
2309430 https://bugzilla.redhat.com/show_bug.cgi?id=2309430
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
CVE-2024-8384 https://nvd.nist.gov/vuln/detail/CVE-2024-8384
GLSA-202412-04 https://security.gentoo.org/glsa/202412-04
GLSA-202412-06 https://security.gentoo.org/glsa/202412-06
GLSA-202412-13 https://security.gentoo.org/glsa/202412-13
mfsa2024-39 https://www.mozilla.org/en-US/security/advisories/mfsa2024-39
mfsa2024-40 https://www.mozilla.org/en-US/security/advisories/mfsa2024-40
mfsa2024-41 https://www.mozilla.org/en-US/security/advisories/mfsa2024-41
mfsa2024-43 https://www.mozilla.org/en-US/security/advisories/mfsa2024-43
mfsa2024-44 https://www.mozilla.org/en-US/security/advisories/mfsa2024-44
RHSA-2024:6681 https://access.redhat.com/errata/RHSA-2024:6681
RHSA-2024:6682 https://access.redhat.com/errata/RHSA-2024:6682
RHSA-2024:6683 https://access.redhat.com/errata/RHSA-2024:6683
RHSA-2024:6684 https://access.redhat.com/errata/RHSA-2024:6684
RHSA-2024:6719 https://access.redhat.com/errata/RHSA-2024:6719
RHSA-2024:6720 https://access.redhat.com/errata/RHSA-2024:6720
RHSA-2024:6721 https://access.redhat.com/errata/RHSA-2024:6721
RHSA-2024:6722 https://access.redhat.com/errata/RHSA-2024:6722
RHSA-2024:6723 https://access.redhat.com/errata/RHSA-2024:6723
RHSA-2024:6782 https://access.redhat.com/errata/RHSA-2024:6782
RHSA-2024:6786 https://access.redhat.com/errata/RHSA-2024:6786
RHSA-2024:6816 https://access.redhat.com/errata/RHSA-2024:6816
RHSA-2024:6838 https://access.redhat.com/errata/RHSA-2024:6838
RHSA-2024:6839 https://access.redhat.com/errata/RHSA-2024:6839
RHSA-2024:6850 https://access.redhat.com/errata/RHSA-2024:6850
RHSA-2024:6891 https://access.redhat.com/errata/RHSA-2024:6891
RHSA-2024:6892 https://access.redhat.com/errata/RHSA-2024:6892
USN-6992-1 https://usn.ubuntu.com/6992-1/
USN-6995-1 https://usn.ubuntu.com/6995-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8384.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-8384
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-8384
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.44379
EPSS Score 0.00107
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-09-17T19:12:38.137004+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-8384 34.0.1