CVE-2024-7652

Type Confusion in Async Generators in Javascript Engine

Description

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

INFO

Published Date :

2024-09-06T18:18:28.692Z

Last Modified :

2025-10-30T16:14:30.001Z

Source :

mozilla

AFFECTED PRODUCTS

The following products are affected by CVE-2024-7652 vulnerability.

Vendors	Products
Mozilla	Firefox Firefox Esr Thunderbird
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-7652.

URL	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1901411
https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r
https://nvd.nist.gov/vuln/detail/CVE-2024-7652
https://www.cve.org/CVERecord?id=CVE-2024-7652
https://www.mozilla.org/security/advisories/mfsa2024-29/
https://www.mozilla.org/security/advisories/mfsa2024-30/
https://www.mozilla.org/security/advisories/mfsa2024-31/
https://www.mozilla.org/security/advisories/mfsa2024-32/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact