Unrated severityNVD Advisory· Published Sep 6, 2024· Updated Oct 30, 2025
Type Confusion in Async Generators in Javascript Engine
CVE-2024-7652
Description
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
Affected products
6- osv-coords3 versions
< 128.2.0-1.el9_4.alma.1+ 2 more
- (no CPE)range: < 128.2.0-1.el9_4.alma.1
- (no CPE)range: < 128.2.0-1.el9_4.alma.1
- (no CPE)range: < 128.2.0-1.el9_4.alma.1
- Range: unspecified
- Range: unspecified
- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- bugzilla.mozilla.org/show_bug.cgimitre
- github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9rmitre
- www.mozilla.org/security/advisories/mfsa2024-29/mitre
- www.mozilla.org/security/advisories/mfsa2024-30/mitre
- www.mozilla.org/security/advisories/mfsa2024-31/mitre
- www.mozilla.org/security/advisories/mfsa2024-32/mitre
News mentions
0No linked articles in our index yet.