The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c6a1d4e0ec advisory.

  - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could     abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125,     Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3302)

  - GetBoundName could return the wrong version of an object when JIT optimizations were applied. This     vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3852)

  - A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage     collection started. This vulnerability affects Firefox < 125. (CVE-2024-3853)

  - In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-     bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
    (CVE-2024-3854)

  - In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This     vulnerability affects Firefox < 125. (CVE-2024-3855)

  - A use-after-free could occur during WASM execution if garbage collection ran during the creation of an     array. This vulnerability affects Firefox < 125. (CVE-2024-3856)

  - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free     crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and     Thunderbird < 115.10. (CVE-2024-3857)

  - It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This     vulnerability affects Firefox < 125. (CVE-2024-3858)

  - On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could     be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,     and Thunderbird < 115.10. (CVE-2024-3859)

  - An out-of-memory condition during object initialization could result in an empty shape list. If the JIT     subsequently traced the object it would crash. This vulnerability affects Firefox < 125. (CVE-2024-3860)

  - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect     reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,     and Thunderbird < 115.10. (CVE-2024-3861)

  - The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it     were used in a self-assignment. This vulnerability affects Firefox < 125. (CVE-2024-3862)

  - The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only     affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects     Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3863)

  - Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed     evidence of memory corruption and we presume that with enough effort this could have been exploited to run     arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
    (CVE-2024-3864)

  - Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code. This     vulnerability affects Firefox < 125. (CVE-2024-3865)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1437-1 advisory.

  - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable     to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and     Thunderbird < 115.10. (CVE-2024-2609)

  - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could     abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125,     Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3302)

  - GetBoundName could return the wrong version of an object when JIT optimizations were applied. This     vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3852)

  - In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-     bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
    (CVE-2024-3854)

  - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free     crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and     Thunderbird < 115.10. (CVE-2024-3857)

  - On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could     be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,     and Thunderbird < 115.10. (CVE-2024-3859)

  - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect     reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,     and Thunderbird < 115.10. (CVE-2024-3861)

  - The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only     affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects     Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3863)

  - Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed     evidence of memory corruption and we presume that with enough effort this could have been exploited to run     arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
    (CVE-2024-3864)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-966e16bfa3 advisory.

  - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could     abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125,     Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3302)

  - GetBoundName could return the wrong version of an object when JIT optimizations were applied. This     vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3852)

  - A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage     collection started. This vulnerability affects Firefox < 125. (CVE-2024-3853)

  - In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-     bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
    (CVE-2024-3854)

  - In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This     vulnerability affects Firefox < 125. (CVE-2024-3855)

  - A use-after-free could occur during WASM execution if garbage collection ran during the creation of an     array. This vulnerability affects Firefox < 125. (CVE-2024-3856)

  - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free     crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and     Thunderbird < 115.10. (CVE-2024-3857)

  - It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This     vulnerability affects Firefox < 125. (CVE-2024-3858)

  - On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could     be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,     and Thunderbird < 115.10. (CVE-2024-3859)

  - An out-of-memory condition during object initialization could result in an empty shape list. If the JIT     subsequently traced the object it would crash. This vulnerability affects Firefox < 125. (CVE-2024-3860)

  - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect     reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,     and Thunderbird < 115.10. (CVE-2024-3861)

  - The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it     were used in a self-assignment. This vulnerability affects Firefox < 125. (CVE-2024-3862)

  - The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only     affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects     Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3863)

  - Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed     evidence of memory corruption and we presume that with enough effort this could have been exploited to run     arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
    (CVE-2024-3864)

  - Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code. This     vulnerability affects Firefox < 125. (CVE-2024-3865)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1350-1 advisory.

  - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable     to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and     Thunderbird < 115.10. (CVE-2024-2609)

  - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could     abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125,     Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3302)

  - GetBoundName could return the wrong version of an object when JIT optimizations were applied. This     vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3852)

  - In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-     bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
    (CVE-2024-3854)

  - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free     crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and     Thunderbird < 115.10. (CVE-2024-3857)

  - On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could     be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,     and Thunderbird < 115.10. (CVE-2024-3859)

  - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect     reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,     and Thunderbird < 115.10. (CVE-2024-3861)

  - The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only     affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects     Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3863)

  - Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed     evidence of memory corruption and we presume that with enough effort this could have been exploited to run     arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
    (CVE-2024-3864)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-20 advisory.

  - GetBoundName could return the wrong version of an object when JIT optimizations were applied.
    (CVE-2024-3852)

  - In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-     bounds-reads. (CVE-2024-3854)

  - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free     crashes during garbage collection. (CVE-2024-3857)

  - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable     to clickjacking by malicious websites. (CVE-2024-2609)

  - On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could     be triggered by a malformed OpenType font. (CVE-2024-3859)

  - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect     reference count and later use-after-free. (CVE-2024-3861)

  - The executable file warning was not presented when downloading .xrm-ms files.   Note: This issue only     affected Windows operating systems. Other operating systems are unaffected. (CVE-2024-3863)

  - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could     abuse this to create an Out of Memory condition in the browser. (CVE-2024-3302)

  - Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed     evidence of memory corruption and we presume that with enough effort this could have been exploited to run     arbitrary code. (CVE-2024-3864)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 115.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-20 advisory.

  - GetBoundName could return the wrong version of an object when JIT optimizations were applied.
    (CVE-2024-3852)

  - In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-     bounds-reads. (CVE-2024-3854)

  - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free     crashes during garbage collection. (CVE-2024-3857)

  - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable     to clickjacking by malicious websites. (CVE-2024-2609)

  - On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could     be triggered by a malformed OpenType font. (CVE-2024-3859)

  - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect     reference count and later use-after-free. (CVE-2024-3861)

  - The executable file warning was not presented when downloading .xrm-ms files.   Note: This issue only     affected Windows operating systems. Other operating systems are unaffected. (CVE-2024-3863)

  - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could     abuse this to create an Out of Memory condition in the browser. (CVE-2024-3302)

  - Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed     evidence of memory corruption and we presume that with enough effort this could have been exploited to run     arbitrary code. (CVE-2024-3864)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-121f5cec9f advisory.

  - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could     abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125,     Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3302)

  - GetBoundName could return the wrong version of an object when JIT optimizations were applied. This     vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3852)

  - A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage     collection started. This vulnerability affects Firefox < 125. (CVE-2024-3853)

  - In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-     bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
    (CVE-2024-3854)

  - In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This     vulnerability affects Firefox < 125. (CVE-2024-3855)

  - A use-after-free could occur during WASM execution if garbage collection ran during the creation of an     array. This vulnerability affects Firefox < 125. (CVE-2024-3856)

  - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free     crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and     Thunderbird < 115.10. (CVE-2024-3857)

  - It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This     vulnerability affects Firefox < 125. (CVE-2024-3858)

  - On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could     be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,     and Thunderbird < 115.10. (CVE-2024-3859)

  - An out-of-memory condition during object initialization could result in an empty shape list. If the JIT     subsequently traced the object it would crash. This vulnerability affects Firefox < 125. (CVE-2024-3860)

  - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect     reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,     and Thunderbird < 115.10. (CVE-2024-3861)

  - The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it     were used in a self-assignment. This vulnerability affects Firefox < 125. (CVE-2024-3862)

  - The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only     affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects     Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3863)

  - Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed     evidence of memory corruption and we presume that with enough effort this could have been exploited to run     arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
    (CVE-2024-3864)

  - Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code. This     vulnerability affects Firefox < 125. (CVE-2024-3865)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1319-1 advisory.

  - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable     to clickjacking by malicious websites. This vulnerability affects Firefox < 124 and Firefox ESR < 115.10.
    (CVE-2024-2609)

  - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could     abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125     and Firefox ESR < 115.10. (CVE-2024-3302)

  - GetBoundName could return the wrong version of an object when JIT optimizations were applied. This     vulnerability affects Firefox < 125 and Firefox ESR < 115.10. (CVE-2024-3852)

  - In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-     bounds-reads. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10. (CVE-2024-3854)

  - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free     crashes during garbage collection. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
    (CVE-2024-3857)

  - On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could     be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125 and Firefox ESR <     115.10. (CVE-2024-3859)

  - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect     reference count and later use-after-free. This vulnerability affects Firefox < 125 and Firefox ESR <     115.10. (CVE-2024-3861)

  - The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only     affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects     Firefox < 125 and Firefox ESR < 115.10. (CVE-2024-3863)

  - Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed     evidence of memory corruption and we presume that with enough effort this could have been exploited to run     arbitrary code. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10. (CVE-2024-3864)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-firefox installed on the remote host is prior to 115.10.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-107-01 advisory.

  - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable     to clickjacking by malicious websites. This vulnerability affects Firefox < 124 and Firefox ESR < 115.10.
    (CVE-2024-2609)

  - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could     abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125     and Firefox ESR < 115.10. (CVE-2024-3302)

  - GetBoundName could return the wrong version of an object when JIT optimizations were applied. This     vulnerability affects Firefox < 125 and Firefox ESR < 115.10. (CVE-2024-3852)

  - In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-     bounds-reads. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10. (CVE-2024-3854)

  - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free     crashes during garbage collection. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
    (CVE-2024-3857)

  - On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could     be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125 and Firefox ESR <     115.10. (CVE-2024-3859)

  - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect     reference count and later use-after-free. This vulnerability affects Firefox < 125 and Firefox ESR <     115.10. (CVE-2024-3861)

  - The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only     affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects     Firefox < 125 and Firefox ESR < 115.10. (CVE-2024-3863)

  - Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed     evidence of memory corruption and we presume that with enough effort this could have been exploited to run     arbitrary code. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10. (CVE-2024-3864)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 125.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-18 advisory.

  - GetBoundName could return the wrong version of an object when JIT optimizations were applied.
    (CVE-2024-3852)

  - A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage     collection started. (CVE-2024-3853)

  - In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-     bounds-reads. (CVE-2024-3854)

  - In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads.
    (CVE-2024-3855)

  - A use-after-free could occur during WASM execution if garbage collection ran during the creation of an     array. (CVE-2024-3856)

  - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free     crashes during garbage collection. (CVE-2024-3857)

  - It was possible to mutate a JavaScript object so that the JIT could crash while tracing it.
    (CVE-2024-3858)

  - On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could     be triggered by a malformed OpenType font. (CVE-2024-3859)

  - An out-of-memory condition during object initialization could result in an empty shape list. If the JIT     subsequently traced the object it would crash. (CVE-2024-3860)

  - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect     reference count and later use-after-free. (CVE-2024-3861)

  - The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it     were used in a self-assignment. (CVE-2024-3862)

  - The executable file warning was not presented when downloading .xrm-ms files.   Note: This issue only     affected Windows operating systems. Other operating systems are unaffected. (CVE-2024-3863)

  - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could     abuse this to create an Out of Memory condition in the browser. (CVE-2024-3302)

  - Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed     evidence of memory corruption and we presume that with enough effort this could have been exploited to run     arbitrary code. (CVE-2024-3864)

  - Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2024-3865)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 125.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-18 advisory.

  - GetBoundName could return the wrong version of an object when JIT optimizations were applied.
    (CVE-2024-3852)

  - A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage     collection started. (CVE-2024-3853)

  - In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-     bounds-reads. (CVE-2024-3854)

  - In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads.
    (CVE-2024-3855)

  - A use-after-free could occur during WASM execution if garbage collection ran during the creation of an     array. (CVE-2024-3856)

  - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free     crashes during garbage collection. (CVE-2024-3857)

  - It was possible to mutate a JavaScript object so that the JIT could crash while tracing it.
    (CVE-2024-3858)

  - On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could     be triggered by a malformed OpenType font. (CVE-2024-3859)

  - An out-of-memory condition during object initialization could result in an empty shape list. If the JIT     subsequently traced the object it would crash. (CVE-2024-3860)

  - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect     reference count and later use-after-free. (CVE-2024-3861)

  - The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it     were used in a self-assignment. (CVE-2024-3862)

  - The executable file warning was not presented when downloading .xrm-ms files.   Note: This issue only     affected Windows operating systems. Other operating systems are unaffected. (CVE-2024-3863)

  - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could     abuse this to create an Out of Memory condition in the browser. (CVE-2024-3302)

  - Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed     evidence of memory corruption and we presume that with enough effort this could have been exploited to run     arbitrary code. (CVE-2024-3864)

  - Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2024-3865)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 115.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-19 advisory.

  - GetBoundName could return the wrong version of an object when JIT optimizations were applied.
    (CVE-2024-3852)

  - In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-     bounds-reads. (CVE-2024-3854)

  - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free     crashes during garbage collection. (CVE-2024-3857)

  - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable     to clickjacking by malicious websites. (CVE-2024-2609)

  - On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could     be triggered by a malformed OpenType font. (CVE-2024-3859)

  - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect     reference count and later use-after-free. (CVE-2024-3861)

  - The executable file warning was not presented when downloading .xrm-ms files.   Note: This issue only     affected Windows operating systems. Other operating systems are unaffected. (CVE-2024-3863)

  - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could     abuse this to create an Out of Memory condition in the browser. (CVE-2024-3302)

  - Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed     evidence of memory corruption and we presume that with enough effort this could have been exploited to run     arbitrary code. (CVE-2024-3864)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-19 advisory.

  - GetBoundName could return the wrong version of an object when JIT optimizations were applied.
    (CVE-2024-3852)

  - In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-     bounds-reads. (CVE-2024-3854)

  - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free     crashes during garbage collection. (CVE-2024-3857)

  - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable     to clickjacking by malicious websites. (CVE-2024-2609)

  - On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could     be triggered by a malformed OpenType font. (CVE-2024-3859)

  - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect     reference count and later use-after-free. (CVE-2024-3861)

  - The executable file warning was not presented when downloading .xrm-ms files.   Note: This issue only     affected Windows operating systems. Other operating systems are unaffected. (CVE-2024-3863)

  - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could     abuse this to create an Out of Memory condition in the browser. (CVE-2024-3302)

  - Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed     evidence of memory corruption and we presume that with enough effort this could have been exploited to run     arbitrary code. (CVE-2024-3864)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
194573	Fedora 40 : firefox (2024-c6a1d4e0ec)	Nessus	Fedora Local Security Checks	high
193908	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2024:1437-1)	Nessus	SuSE Local Security Checks	high
193669	Fedora 38 : firefox (2024-966e16bfa3)	Nessus	Fedora Local Security Checks	high
193652	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:1350-1)	Nessus	SuSE Local Security Checks	high
193589	Mozilla Thunderbird < 115.10	Nessus	MacOS X Local Security Checks	high
193588	Mozilla Thunderbird < 115.10	Nessus	Windows	high
193396	Fedora 39 : firefox (2024-121f5cec9f)	Nessus	Fedora Local Security Checks	high
193385	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:1319-1)	Nessus	SuSE Local Security Checks	medium
193370	Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-107-01)	Nessus	Slackware Local Security Checks	critical
193366	Mozilla Firefox < 125.0	Nessus	Windows	critical
193365	Mozilla Firefox < 125.0	Nessus	MacOS X Local Security Checks	critical
193364	Mozilla Firefox ESR < 115.10	Nessus	Windows	critical
193363	Mozilla Firefox ESR < 115.10	Nessus	MacOS X Local Security Checks	critical

Detections

Analytics

CVE-2024-3863

high

Tenable Plugins

high

high

high

high

high

high

high

medium

critical

critical

critical

critical

critical