以下是关于漏洞的关键信息,以简洁的Markdown格式表示: Bug ID: 1895579 (CVE-2024-5695) Summary: Access-violation read on MozJemallocPHC::moz_arena_realloc -> AllocInfo::Get (after malloc failure on MaybePageRealloc) Status: Closed, Resolved Fixed Product and Component: Core > Memory Allocator Type: Defect Priority: Not set Severity: -- Keywords: sec-bounty? Description: - Issue: - Firefox tab crashes with access violation on AllocInfo::Get after a failure in MozJemalloc::moz_arena_malloc function during low memory conditions. - Steps to reproduce: 1. Apply PHC-MaybePageRealloc.patch 2. Compile Firefox 3. Visit JetStream benchmark 4. After loading benchmark is completed 5. Click Start Test 6. Observe access-violation on AllocInfo::Get Attachments: - PHC-MaybePageRealloc.patch - log_minidump_00.txt - log_minidump_00_archlinux.txt Fixed Versions: - Firefox 125 - Firefox 126 - Firefox 127 - Firefox 128 Security Related Discussion: - Patch fixes the crash caused by access violation - Risk of security vulnerability due to misinterpretation of return values in code - flagged as security issue due to potential memory corruption issues.