CVE-2024-7521 – A use-after-free vulnerability in WebAssembly e... (How to Fix)

Q: How do I fix CVE-2024-7521?

1. Open browser/mail client. 2. Go to Help > About Firefox/Thunderbird. 3. Allow automatic update or download latest version from mozilla.org. 4. Restart application.

Q: What is the severity of CVE-2024-7521?

CVE-2024-7521 has a CVSS score of 8.8 (HIGH). A use-after-free vulnerability in WebAssembly exception handling in Mozilla products could allow remote code execution. This affects Firefox, Firefox ESR, and Thunderbird users running outdated versions. Attackers could exploit this by tricking users into visiting malicious websites.

📋 TL;DR

A use-after-free vulnerability in WebAssembly exception handling in Mozilla products could allow remote code execution. This affects Firefox, Firefox ESR, and Thunderbird users running outdated versions. Attackers could exploit this by tricking users into visiting malicious websites.

💻 Affected Systems

Products:

Firefox
Firefox ESR
Thunderbird

Versions: Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, Thunderbird < 115.14

Operating Systems: All platforms where affected browsers run

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. WebAssembly must be enabled (default).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Browser crash or arbitrary code execution within browser context, potentially stealing cookies/session data.

🟢

If Mitigated

No impact if patched; limited impact if browser sandboxing contains the exploit.

🌐 Internet-Facing: HIGH - Exploitable via malicious websites without user interaction beyond visiting the site.

🏢 Internal Only: MEDIUM - Requires user to visit malicious internal site or external site through browser.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires WebAssembly execution and specific exception handling conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 129+, Firefox ESR 115.14+, Firefox ESR 128.1+, Thunderbird 128.1+, Thunderbird 115.14+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-33/

Restart Required: Yes

Instructions:

1. Open browser/mail client. 2. Go to Help > About Firefox/Thunderbird. 3. Allow automatic update or download latest version from mozilla.org. 4. Restart application.

🔧 Temporary Workarounds

Disable WebAssembly

all

Disable WebAssembly execution in browser to prevent exploitation.

about:config -> javascript.options.wasm = false

Use Content Security Policy

all

Restrict WebAssembly execution via CSP headers on web servers.

Content-Security-Policy: script-src 'self'

🧯 If You Can't Patch

Restrict browser usage to trusted sites only via network policies.
Implement application whitelisting to prevent unauthorized browser execution.

🔍 How to Verify

Check if Vulnerable:

Check browser version in Help > About. If version is below patched versions, system is vulnerable.

Check Version:

firefox --version or thunderbird --version

Verify Fix Applied:

Confirm version is at or above patched versions after update.

📡 Detection & Monitoring

Log Indicators:

Browser crash logs with WebAssembly-related exceptions
Unexpected WebAssembly module loads

Network Indicators:

Requests to known malicious domains serving WebAssembly content
Unusual WebAssembly traffic patterns

SIEM Query:

source="browser_logs" AND ("WebAssembly" OR "wasm") AND ("exception" OR "crash")

📊 Metadata

CVE ID: CVE-2024-7521

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-755

Published: August 6, 2024

Last Updated: August 12, 2024

🔗 References

https://bugzilla.mozilla.org/show_bug.cgi?id=1904644 Issue Tracking,Permissions Required
https://www.mozilla.org/security/advisories/mfsa2024-33/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-34/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-35/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-37/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-38/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-7521, you might also want to check these: