CVE-2024-1552

Published: Feb 20, 2024Modified: Mar 27, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

Affected (4)

Products: Mozilla: Firefox, Thunderbird · Debian: Debian Linux

2 products

1 product

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 123.0
Mozilla Firefox	Before 115.8.0
Mozilla Thunderbird	Before 115.8.0

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

CWE-681

Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

References (12)

https://bugzilla.mozilla.org/show_bug.cgi?id=1874502

Source: security@mozilla.org

Issue TrackingVendor Advisory

https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html

Source: security@mozilla.org

Mailing List

https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html

Source: security@mozilla.org

Mailing List

https://www.mozilla.org/security/advisories/mfsa2024-05/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2024-06/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2024-07/

Source: security@mozilla.org

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1874502