CVE-2024-8381

Published Sep 3, 2024

Last updated 6 months ago

CVSS critical 9.8

Overview

Description
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
Source
security@mozilla.org
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

nvd@nist.gov
CWE-843
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-843

Social media

Hype score
Not currently trending

  1. #exploit 1. CVE-2024-57514: XSS in TP-Link A20 v3 Router - https://t.co/HA0f0sLlHa 2. CVE-2025-21293: AD Domain Services EoP - https://t.co/AwLqPE5vYQ 3. CVE-2025-24118: macOS XNU kernel vulnerability - https://t.co/igtmkN1Gac 4. CVE-2024-8381: SpiderMonkey Interpreter Type… h

    @ksg93rd

    3 Feb 2025

    244 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2024-8381 2 - CVE-2024-10487 3 - CVE-2025-24118 4 - CVE-2025-24162 5 - CVE-2025-0282 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    2 Feb 2025

    259 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Analysis and Exploit for CVE-2024-8381, a SpiderMonkey Interpreter Type Confusion Bug! Unfortunately, due to nature of this bug, exploit is only applicable when ASLR is disabled. Shoutout to @__nils_ for finding this bug. https://t.co/97i7NRu0an

    @bjrjk

    1 Feb 2025

    5356 Impressions

    30 Retweets

    124 Likes

    42 Bookmarks

    2 Replies

    0 Quotes

Configurations

References