CVE-2024-7652

CVE-2024-7652: Type Confusion in Async Generators in Javascript Engine

Vendor Mozilla

Product Firefox

Published September 6, 2024

Last update October 30, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

Key dates

Disclosure timeline

September 6, 2024 CVE published

October 30, 2025 Record updated

Identifiers

CVE CVE-2024-7652

Affected versions

Vendor Mozilla

Product Firefox

Affected ≥ unspecified and < 128

Vendor Mozilla

Product Firefox ESR

Affected ≥ unspecified and < 115.13

Vendor Mozilla

Product Thunderbird

Affected ≥ unspecified and < 115.13

Vendor Mozilla

Product Thunderbird

Affected ≥ unspecified and < 128