CVE-2024-29943
ENISA EUVD: EUVD-2024-26917 ↗
✓ Confirmed 0-Day
Triaged: March 5, 2026
3 articles
Published: 2024-03-22
EPSS Score
Source: FIRST.org · 2026-05-23
53.86%
probability
This CVE has a 53.86% probability
of being exploited in the next 30 days.
0%
Top 98.0th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)9.8
CRITICAL
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
VulnerabilityLookup (CNA)An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
Affected Products
Mozilla
Firefox
unspecified
Attack Intelligence
Exploits & PoC
bjrjk/CVE-2024-29943
A Pwn2Own 2024 SpiderMonkey JIT Bug: From Integer Range Inconsistency to Bound Check Elimination then RCE
95
2025-02-12
seadragnol/CVE-2024-29943
Reproducing CVE-2024-29943 for Windows, based on https://github.com/bjrjk/CVE-2024-29943
2
2025-11-25
2 repos — triés par ⭐
Rechercher sur GitHub ↗
Signal Intelligence
Confidence
85%
EPSS
53.86%
CVSS v3.1
9.8
Mentions
3
Last Seen
May 19, 2025
CNA Information
CNA Assigner
mozilla
Analyst Note
CVE-2024-29943 is explicitly named as a Firefox zero-day actively exploited in attacks, with Mozilla releasing patch 124.0.1 in March 2024 concurrent with exploitation reports. The vulnerability was demonstrated at Pwn2Own, a controlled environment where zero-days are disclosed and patched simultaneously, confirming exploitation preceded public availability.
Triage Info
Decided atMar 05, 2026
Published DateMar 22, 2024