GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Mozilla Foundation Security Advisory 2024-19
Security Vulnerabilities fixed in Firefox ESR 11510
Announced
April 16, 2024
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 11510
...
Mozilla Foundation Security Advisory 2024-18
Security Vulnerabilities fixed in Firefox 125
Announced
April 16, 2024
Impact
high
Products
Firefox
Fixed in
Firefox 125
...
Mozilla Foundation Security Advisory 2024-20
Security Vulnerabilities fixed in Thunderbird 11510
Announced
April 16, 2024
Impact
high
Products
Thunderbird
Fixed in
Thunderbird 11510
...