Mozilla Firefox < 124.0.1 — RCE
An out-of-bounds memory access in Firefox's JIT compiler enables remote code execution. Update to Firefox 124.0.1 — exploited in the wild, with a privileged JavaScript execution escape chained in the same attack.
An attacker serving a malicious web page can achieve full code execution outside the Firefox sandbox, with the same privileges as the user running Firefox. This can be used to install malware, steal credentials, and establish persistence without any user interaction beyond visiting the page.
Firefox's SpiderMonkey JavaScript engine has an out-of-bounds access vulnerability (CVE-2024-29943) through a technique called "range analysis bypass." This allows JavaScript running in a web page to read and write outside the bounds of a JavaScript array object. Combined with CVE-2024-29944 (privileged JavaScript execution in the parent process), this enables a full sandbox escape.
📧
Phishing link
🖼
Malicious file
🔓
Server compromised
Probably yes if any of these apply:
Affected OS versions
Mozilla released an emergency patch on March 22, 2024, noting both CVEs were being exploited in the wild. The chained exploit (CVE-2024-29943 + CVE-2024-29944) provides a complete browser-to-system compromise, which is a rare and high-value attack primitive. Mozilla credited security researchers for reporting the chain after observing active exploitation.
Manual remediation steps
⏱ 5 minutes (browser restart only)Check Firefox Version
(Get-Item "C:\Program Files\Mozilla Firefox\firefox.exe").VersionInfo.FileVersion
# Vulnerable if older than 124.0.1
Update Firefox
# Via winget:
winget upgrade Mozilla.Firefox
# Or open Firefox: Help > About Firefox > Check for Updates
Verify
(Get-Item "C:\Program Files\Mozilla Firefox\firefox.exe").VersionInfo.FileVersion
# Must show 124.0.1 or later
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.
References