Login Sign Up

CVE-2024-3856

8.8 HIGH
Remote Code Execution

📋 TL;DR

A use-after-free vulnerability in Firefox's WebAssembly (WASM) garbage collection allows attackers to execute arbitrary code when users visit malicious websites. This affects all Firefox versions before 125. Attackers could exploit this to compromise user systems.

💻 Affected Systems

Products:
  • Mozilla Firefox
Versions: All versions < 125
Operating Systems: Windows, Linux, macOS, Android
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Requires JavaScript/WASM execution enabled (default).

📦 What is this software?

Firefox by Mozilla

View all CVEs affecting Firefox →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Arbitrary code execution within browser context, potentially leading to credential theft, session hijacking, or malware installation.

🟢

If Mitigated

Limited impact if browser sandboxing works correctly, potentially only browser crash or denial of service.

🌐 Internet-Facing: HIGH - Exploitable via malicious websites without user interaction beyond visiting the site.
🏢 Internal Only: MEDIUM - Requires user to visit malicious internal site or click malicious link.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires understanding of WASM garbage collection internals and memory corruption techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 125

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-18/

Restart Required: Yes

Instructions:

1. Open Firefox. 2. Click menu → Help → About Firefox. 3. Firefox will check for updates and install Firefox 125. 4. Restart Firefox when prompted.

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents WASM execution by disabling JavaScript, but breaks most websites.

about:config → javascript.enabled = false

Disable WebAssembly

all

Specifically blocks WASM execution while keeping JavaScript enabled.

about:config → javascript.options.wasm = false

🧯 If You Can't Patch

  • Restrict browser usage to trusted websites only
  • Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check Firefox version in menu → Help → About Firefox. If version is less than 125, system is vulnerable.

Check Version:

firefox --version

Verify Fix Applied:

Confirm Firefox version is 125 or higher in About Firefox dialog.

📡 Detection & Monitoring

Log Indicators:

  • Browser crash logs with WASM-related stack traces
  • Unexpected memory access violations in browser process

Network Indicators:

  • Requests to known malicious domains hosting WASM payloads

SIEM Query:

source="firefox.logs" AND ("WASM" OR "garbage collection" OR "use-after-free") AND severity=CRITICAL

📊 Metadata

CVE ID: CVE-2024-3856
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: April 16, 2024
Last Updated: March 31, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-3856, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)