CRITICAL🇵🇱 Wersja polska

CVE-2024-4778

CVSS 9.8v3.1pub. 2024-05-14upd. 2025-04-04

Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126.

🤖 AI Analysis
How it works

The vulnerabilities concern improper memory management in the Firefox 125 browser engine, classified as CWE-1260 (memory protection mechanism mismatch). Some of the identified vulnerabilities showed evidence of actual memory corruption during application operation. An exploit could be carried out remotely, without the need for authentication and without user interaction, which reflects the CVSS vector AV:N/AC:L/PR:N/UI:N.

Impact

An attacker can potentially execute arbitrary code (RCE) on the victim's computer, which may lead to complete system takeover, data confidentiality breach, and disruption of application functionality.

Mitigation & patch

Mozilla Firefox should be updated to version 126 or newer. Updates are available through the browser's automatic update mechanism or on the manufacturer's website in accordance with the MFSA2024-21 security advisory.

Who is affected

Mozilla Firefox in versions earlier than 126 (vulnerable version: Firefox 125).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mozilla Firefox

    APP
    Mozilla
    < 126.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-9680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Use-after-free w Animation timelines Firefox/Thunderbird — RCE

CVE-2022-26486CRITICAL9.6⚠ KEVten sam produkt

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...

CVE-2019-11708CRITICAL10.0⚠ KEVten sam produkt

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...

CVE-2010-3765CRITICAL9.8⚠ KEVten sam produkt

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...

CVE-2026-14241CRITICAL9.8ten sam produkt

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...