CVE-2024-6613 is a vulnerability identified in Mozilla Firefox and Thunderbird prior to version 128, where the frame iterator component can enter an infinite loop when encountering specific WebAssembly (wasm) frames. This flaw causes the stack trace generation process to malfunction, resulting in incorrect stack traces and ultimately leading to application crashes. The vulnerability is classified under CWE-209, which relates to information exposure through an error message, but in this case, the primary impact is on availability due to the denial of service condition caused by the infinite loop. The CVSS 3.1 base score is 5.5, reflecting a medium severity level, with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), no confidentiality or integrity impact (C:N/I:N), and high availability impact (A:H). No known exploits have been reported in the wild, and no patches have been linked yet, though Mozilla is expected to release updates addressing this issue. The vulnerability affects Firefox and Thunderbird users who process malicious wasm frames, potentially causing service interruptions and instability in affected applications.

For European organizations, the primary impact of CVE-2024-6613 is on the availability of Firefox and Thunderbird applications. Since these are widely used browsers and email clients, especially in corporate and governmental environments, a successful exploitation could disrupt normal operations by causing application crashes or hangs. This could lead to productivity losses, interruptions in communication, and potential delays in critical workflows. Although the vulnerability does not compromise confidentiality or integrity, the denial of service effect could be leveraged in targeted attacks to cause operational disruptions. Organizations relying heavily on Firefox and Thunderbird for daily operations, particularly those with local users who might inadvertently trigger the flaw, are at risk. The lack of known exploits reduces immediate threat but does not eliminate the risk of future exploitation once details become public.

Organizations should monitor Mozilla's official channels for the release of patches addressing CVE-2024-6613 and apply updates to Firefox and Thunderbird promptly once available, specifically upgrading to version 128 or later. Until patches are released, organizations can mitigate risk by restricting local user access to untrusted WebAssembly content, for example, by controlling browser usage policies or disabling wasm execution where feasible. User education to avoid interacting with suspicious web content or email attachments containing wasm frames can reduce the likelihood of triggering the vulnerability. Additionally, implementing application crash monitoring and automated restart mechanisms can help maintain availability in case of unexpected crashes. Network-level controls such as web filtering to block known malicious wasm payloads may provide an additional layer of defense. Regular backups and incident response readiness will help minimize operational impact if exploitation occurs.