CVE-2024-8385
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-8385 is a critical type confusion vulnerability that affects Firefox versions prior to 130, Firefox ESR versions prior to 128.2, and Thunderbird versions prior to 128.2. The vulnerability arises from discrepancies in handling StructFields and ArrayTypes in WebAssembly (WASM), which could allow attackers to exploit the weakness, potentially leading to unauthorized access and manipulation of sensitive data. To remediate this vulnerability, users are advised to update their Firefox or Thunderbird applications to the latest versions. The impact of this vulnerability is severe, with a CVSS base score of 9.8, indicating high risks to both confidentiality and integrity of affected systems without requiring user interaction or elevated privileges. Organizations utilizing these products should prioritize patching efforts to mitigate potential exploitation risks associated with this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.