CVE-2024-3864: 
NixOS vulnerability analysis and mitigation

A memory safety vulnerability (CVE-2024-3864) was discovered in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. The vulnerability was disclosed on April 16, 2024, and affects these applications until they were patched in their respective newer versions: Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10 (Mozilla Advisory).

The vulnerability is characterized as a memory safety bug that shows evidence of memory corruption. According to security assessments, it has been assigned a high severity rating with a CVSS v3.1 base score of 8.1 (HIGH) by CISA-ADP, with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially be exploited to run arbitrary code on affected systems. The issue affects multiple Mozilla products including Firefox, Firefox ESR, and Thunderbird, potentially exposing users to remote code execution attacks (Mozilla Advisory).

The vulnerability has been fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Users are advised to upgrade to these versions or later to mitigate the risk. The fix was released as part of a larger security update addressing multiple vulnerabilities (Mozilla Advisory, Debian Advisory).