Search for vulnerabilities
Vulnerability details: VCID-mbzx-53sb-kfgr
Vulnerability ID VCID-mbzx-53sb-kfgr
Aliases CVE-2024-8384
Summary The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8384.json
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2024-8384
cvssv3.1 9.8 https://bugzilla.mozilla.org/show_bug.cgi?id=1911288
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1911288
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2024-8384
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-39
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-40
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-41
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-43
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-44
cvssv3.1 9.8 https://www.mozilla.org/security/advisories/mfsa2024-39/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-39/
cvssv3.1 9.8 https://www.mozilla.org/security/advisories/mfsa2024-40/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-40/
cvssv3.1 9.8 https://www.mozilla.org/security/advisories/mfsa2024-41/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-41/
cvssv3.1 9.8 https://www.mozilla.org/security/advisories/mfsa2024-43/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-43/
cvssv3.1 9.8 https://www.mozilla.org/security/advisories/mfsa2024-44/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-44/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8384.json
https://api.first.org/data/v1/epss?cve=CVE-2024-8384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8384
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2309430 https://bugzilla.redhat.com/show_bug.cgi?id=2309430
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
CVE-2024-8384 https://nvd.nist.gov/vuln/detail/CVE-2024-8384
mfsa2024-39 https://www.mozilla.org/en-US/security/advisories/mfsa2024-39
mfsa2024-39 https://www.mozilla.org/security/advisories/mfsa2024-39/
mfsa2024-40 https://www.mozilla.org/en-US/security/advisories/mfsa2024-40
mfsa2024-40 https://www.mozilla.org/security/advisories/mfsa2024-40/
mfsa2024-41 https://www.mozilla.org/en-US/security/advisories/mfsa2024-41
mfsa2024-41 https://www.mozilla.org/security/advisories/mfsa2024-41/
mfsa2024-43 https://www.mozilla.org/en-US/security/advisories/mfsa2024-43
mfsa2024-43 https://www.mozilla.org/security/advisories/mfsa2024-43/
mfsa2024-44 https://www.mozilla.org/en-US/security/advisories/mfsa2024-44
mfsa2024-44 https://www.mozilla.org/security/advisories/mfsa2024-44/
RHSA-2024:6681 https://access.redhat.com/errata/RHSA-2024:6681
RHSA-2024:6682 https://access.redhat.com/errata/RHSA-2024:6682
RHSA-2024:6683 https://access.redhat.com/errata/RHSA-2024:6683
RHSA-2024:6684 https://access.redhat.com/errata/RHSA-2024:6684
RHSA-2024:6719 https://access.redhat.com/errata/RHSA-2024:6719
RHSA-2024:6720 https://access.redhat.com/errata/RHSA-2024:6720
RHSA-2024:6721 https://access.redhat.com/errata/RHSA-2024:6721
RHSA-2024:6722 https://access.redhat.com/errata/RHSA-2024:6722
RHSA-2024:6723 https://access.redhat.com/errata/RHSA-2024:6723
RHSA-2024:6782 https://access.redhat.com/errata/RHSA-2024:6782
RHSA-2024:6786 https://access.redhat.com/errata/RHSA-2024:6786
RHSA-2024:6816 https://access.redhat.com/errata/RHSA-2024:6816
RHSA-2024:6838 https://access.redhat.com/errata/RHSA-2024:6838
RHSA-2024:6839 https://access.redhat.com/errata/RHSA-2024:6839
RHSA-2024:6850 https://access.redhat.com/errata/RHSA-2024:6850
RHSA-2024:6891 https://access.redhat.com/errata/RHSA-2024:6891
RHSA-2024:6892 https://access.redhat.com/errata/RHSA-2024:6892
show_bug.cgi?id=1911288 https://bugzilla.mozilla.org/show_bug.cgi?id=1911288
USN-6992-1 https://usn.ubuntu.com/6992-1/
USN-6995-1 https://usn.ubuntu.com/6995-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8384.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1911288
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:49:08Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1911288
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-8384
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-39/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:49:08Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-39/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-40/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:49:08Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-40/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-41/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:49:08Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-41/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-43/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:49:08Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-43/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-44/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:49:08Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-44/
Exploit Prediction Scoring System (EPSS)
Percentile 0.74139
EPSS Score 0.00862
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:06.029641+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-44.yml 37.0.0