CVE-2024-0754: 
NixOS vulnerability analysis and mitigation

CVE-2024-0754 is a security vulnerability discovered in Firefox versions prior to 122 where certain WebAssembly (WASM) source files could trigger a crash when loaded in the browser's developer tools (devtools). The vulnerability was reported by Christian Holler and was fixed in Firefox 122, released in January 2024 (Mozilla Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The technical issue involved a crash in the JSObject::getClass function when handling WASM files in the debugger context. The implementation related to reference type results in tail calls was incomplete, which led to the vulnerability (NVD).

The vulnerability's impact is classified as moderate, primarily affecting the availability of the browser through a crash in the developer tools when processing certain WASM files. The vulnerability does not affect confidentiality or integrity of the system (Mozilla Advisory).

The vulnerability has been fixed in Firefox version 122. Users are advised to upgrade to Firefox 122 or later to receive the security fix. The fix involved implementing different LeaveFrame markers for tail calls to properly handle reference type results (Mozilla Advisory).