CVE-2024-3852
Publication date 16 April 2024
Last updated 26 August 2025
Ubuntu priority
Description
GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| mozjs52 | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored | |
| 18.04 LTS bionic | Ignored | |
| firefox | 24.04 LTS noble |
Not affected
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Fixed 125.0.2+build1-0ubuntu0.20.04.2
|
|
| thunderbird | 24.04 LTS noble |
Not affected
|
| 22.04 LTS jammy |
Fixed 1:115.10.1+build1-0ubuntu0.22.04.1
|
|
| 20.04 LTS focal |
Fixed 1:115.10.1+build1-0ubuntu0.20.04.1
|
|
| mozjs38 | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| mozjs68 | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored | |
| mozjs78 | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Ignored | |
| 20.04 LTS focal | Not in release | |
| mozjs91 | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Ignored | |
| 20.04 LTS focal | Not in release | |
| mozjs102 | 24.04 LTS noble | Ignored |
| 22.04 LTS jammy | Ignored | |
| 20.04 LTS focal | Not in release |
Notes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.5 · High
|
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6747-1
- Firefox vulnerabilities
- 24 April 2024
- USN-6750-1
- Thunderbird vulnerabilities
- 25 April 2024