CVE-2024-0744: 
NixOS vulnerability analysis and mitigation

CVE-2024-0744 is a high-severity vulnerability discovered in Firefox's JavaScript engine that affects versions prior to 122. The vulnerability was disclosed on January 23, 2024, and involves circumstances where JIT (Just-In-Time) compiled code could dereference a wild pointer value, potentially leading to an exploitable crash (Mozilla Advisory, NVD).

The vulnerability stems from an issue in Firefox's baseline IC (Inline Cache) implementation of inlined constructors. During constructor calls, the ICStubReg is spilled to the stack before CreateThis operation. If a garbage collection occurs during CreateThis and discards jitcode, the ICStub becomes active on the stack and gets cloned. However, upon return, the code reloads the spilled version of ICStubReg instead of the updated version from the frame, leading to a stale pointer dereference (Mozilla Bug). The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to an exploitable crash in Firefox. When exploited, the bug could allow an attacker to trigger memory corruption through the dereferencing of wild pointer values in JIT-compiled code (Mozilla Advisory).

The vulnerability has been fixed in Firefox version 122. The fix involves modifying the code to load the ICStub from the frame instead of using the separately stored version. Mozilla has released patches for affected versions, and users are advised to upgrade to Firefox 122 or later (Mozilla Advisory).