CVE-2024-2615: 
NixOS vulnerability analysis and mitigation

CVE-2024-2615 is a critical vulnerability discovered in Firefox 123 that was fixed in Firefox 124. The vulnerability, disclosed on March 19, 2024, involves memory safety bugs that showed evidence of memory corruption. These bugs affect Firefox versions prior to 124.0 (Mozilla Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue is classified as CWE-787 (Out-of-bounds Write). The vulnerability stems from memory safety bugs that could potentially be exploited to achieve arbitrary code execution through memory corruption (NVD).

The vulnerability could potentially allow attackers to execute arbitrary code on affected systems without user interaction. This means attackers could potentially install programs, view or modify data, or create new accounts with full user rights on affected systems (Security Online).

The vulnerability has been fixed in Firefox 124. Users are strongly advised to update their Firefox installations to version 124.0 or later. The update should be applied automatically, but users can manually check for updates through the Firefox Help menu > About Firefox (Security Online).