CVE-2024-7530: 
NixOS vulnerability analysis and mitigation

CVE-2024-7530 is a security vulnerability discovered in Mozilla Firefox versions prior to 129. The vulnerability was identified as a use-after-free issue caused by incorrect garbage collection interaction in JavaScript code coverage collection. The issue was reported by Christian Holler and was publicly disclosed on August 6, 2024 (Mozilla Advisory, NVD).

The vulnerability is classified as a Use After Free (CWE-416) issue. It received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, no privileges required, and user interaction required. The CISA-ADP assessment assigned an even higher CVSS score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially lead to memory corruption through use-after-free exploitation, which could result in high impacts on confidentiality, integrity, and availability of the affected system. The severity is rated as moderate to high, depending on the assessment source (Mozilla Advisory, NVD).

The vulnerability has been fixed in Firefox version 129. Users are advised to update to Firefox version 129 or later to mitigate this security issue. For Ubuntu systems, the fix has been released as version 129.0.1+build1-0ubuntu0.20.04.1 for Ubuntu 20.04 LTS (Ubuntu Security).