CVE-2024-8385

Published: Sep 3, 2024Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

Affected (2)

Products: Mozilla: Firefox, Firefox Esr

Mozilla

2 products

Firefox

Firefox Esr

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 130.0
Mozilla Firefox Esr	Before 128.2

Related CWEs

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (4)

https://bugzilla.mozilla.org/show_bug.cgi?id=1911909

Source: security@mozilla.org

Issue TrackingPermissions Required

https://www.mozilla.org/security/advisories/mfsa2024-39/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2024-40/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2024-43/

Source: security@mozilla.org

Timeline

No history available yet.