Vulnerability from csaf_ncscnl
Published
2024-05-15 12:29
Modified
2024-05-15 12:29
Summary
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy or incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Facts
Mozilla has fixed vulnerabilities in Firefox and Thunderbird.
Interpretations
A malicious actor can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage:
- Denial-of-Service (DoS)
- Bypass of security measure
- (Remote) code execution (user privileges)
Solutions
Mozilla has released updates to fix the vulnerabilities in Firefox 126, Firefox ESR 115.11 and Thunderbird 115.11. For more information, see the attached references.
Likelihood
medium
Damage
medium
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CWE-416
Use After Free
CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." 
}, { "category": "description", "text": "Mozilla heeft kwetsbaarheden verholpen in Firefox en Thunderbird", "title": "Feiten" }, { "category": "description", "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Omzeilen van beveiligingsmaatregel\n- (Remote) code execution (Gebruikersrechten)", "title": "Interpretaties" }, { "category": "description", "text": "Mozilla heeft updates uitgebracht om de kwetsbaarheden te verhelpen in Firefox 126, Firefox ESR 115.11 en Thunderbird 115.11. Voor meer informatie, zie bijgevoegde referenties.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "medium", "title": "Schade" }, { "category": "general", "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "title": "CWE-120" }, { "category": "general", "text": "Improper Removal of Sensitive Information Before Storage or Transfer", "title": "CWE-212" }, { "category": "general", "text": "Use After Free", "title": "CWE-416" }, { "category": "general", "text": "User Interface (UI) Misrepresentation of Critical Information", "title": "CWE-451" }, { "category": "general", "text": "Improper Check for Unusual or Exceptional Conditions", "title": "CWE-754" }, { "category": "general", "text": "Inclusion of Functionality from Untrusted Control Sphere", "title": "CWE-829" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Source - mozilla", "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" }, { "category": "external", "summary": "Source - mozilla", "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/" }, { "category": "external", "summary": "Source - mozilla", "url": 
"https://www.mozilla.org/security/advisories/mfsa2024-23/" } ], "title": "Kwetsbaarheden verholpen in Mozilla Firefox en Thunderbird", "tracking": { "current_release_date": "2024-05-15T12:29:43.620890Z", "id": "NCSC-2024-0218", "initial_release_date": "2024-05-15T12:29:43.620890Z", "revision_history": [ { "date": "2024-05-15T12:29:43.620890Z", "number": "0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "firefox_esr", "product": { "name": "firefox_esr", "product_id": "CSAFPID-2332", "product_identification_helper": { "cpe": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "firefox", "product": { "name": "firefox", "product_id": "CSAFPID-2331", "product_identification_helper": { "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "thunderbird", "product": { "name": "thunderbird", "product_id": "CSAFPID-2333", "product_identification_helper": { "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" } } } ], "category": "vendor", "name": "mozilla" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-4778", "product_status": { "known_affected": [ "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4778", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4778.json" } ], "title": "CVE-2024-4778" }, { "cve": "CVE-2024-4777", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "notes": [ { "category": "other", "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "title": "CWE-120" } ], "product_status": { "known_affected": [ "CSAFPID-2332", "CSAFPID-2333", "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4777", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4777.json" } ], 
"scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-2332", "CSAFPID-2333", "CSAFPID-2331" ] } ], "title": "CVE-2024-4777" }, { "cve": "CVE-2024-4776", "product_status": { "known_affected": [ "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4776", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4776.json" } ], "title": "CVE-2024-4776" }, { "cve": "CVE-2024-4775", "product_status": { "known_affected": [ "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4775", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4775.json" } ], "title": "CVE-2024-4775" }, { "cve": "CVE-2024-4774", "product_status": { "known_affected": [ "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4774", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4774.json" } ], "title": "CVE-2024-4774" }, { "cve": "CVE-2024-4773", "product_status": { "known_affected": [ "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4773", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4773.json" } ], "title": "CVE-2024-4773" }, { "cve": "CVE-2024-4772", "product_status": { "known_affected": [ "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4772", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4772.json" } ], "title": "CVE-2024-4772" }, { "cve": "CVE-2024-4771", "product_status": { "known_affected": [ "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4771", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4771.json" } ], "title": "CVE-2024-4771" }, { "cve": "CVE-2024-4770", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" } ], 
"product_status": { "known_affected": [ "CSAFPID-2332", "CSAFPID-2333", "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4770", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4770.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-2332", "CSAFPID-2333", "CSAFPID-2331" ] } ], "title": "CVE-2024-4770" }, { "cve": "CVE-2024-4769", "cwe": { "id": "CWE-829", "name": "Inclusion of Functionality from Untrusted Control Sphere" }, "notes": [ { "category": "other", "text": "Inclusion of Functionality from Untrusted Control Sphere", "title": "CWE-829" } ], "product_status": { "known_affected": [ "CSAFPID-2332", "CSAFPID-2333", "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4769", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4769.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-2332", "CSAFPID-2333", "CSAFPID-2331" ] } ], "title": "CVE-2024-4769" }, { "cve": "CVE-2024-4768", "cwe": { "id": "CWE-451", "name": "User Interface (UI) Misrepresentation of Critical Information" }, "notes": [ { "category": "other", "text": "User Interface (UI) Misrepresentation of Critical Information", "title": "CWE-451" } ], "product_status": { "known_affected": [ "CSAFPID-2332", "CSAFPID-2333", "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4768", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4768.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-2332", "CSAFPID-2333", "CSAFPID-2331" ] } ], "title": "CVE-2024-4768" }, { "cve": 
"CVE-2024-4767", "cwe": { "id": "CWE-212", "name": "Improper Removal of Sensitive Information Before Storage or Transfer" }, "notes": [ { "category": "other", "text": "Improper Removal of Sensitive Information Before Storage or Transfer", "title": "CWE-212" } ], "product_status": { "known_affected": [ "CSAFPID-2332", "CSAFPID-2333", "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4767", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4767.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-2332", "CSAFPID-2333", "CSAFPID-2331" ] } ], "title": "CVE-2024-4767" }, { "cve": "CVE-2024-4766", "product_status": { "known_affected": [ "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4766", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4766.json" } ], "title": "CVE-2024-4766" }, { "cve": "CVE-2024-4765", "product_status": { "known_affected": [ "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4765", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4765.json" } ], "title": "CVE-2024-4765" }, { "cve": "CVE-2024-4764", "product_status": { "known_affected": [ "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4764", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4764.json" } ], "title": "CVE-2024-4764" }, { "cve": "CVE-2024-4367", "cwe": { "id": "CWE-754", "name": "Improper Check for Unusual or Exceptional Conditions" }, "notes": [ { "category": "other", "text": "Improper Check for Unusual or Exceptional Conditions", "title": "CWE-754" } ], "product_status": { "known_affected": [ "CSAFPID-2332", "CSAFPID-2333", "CSAFPID-2331" ] }, "references": [ { "category": "self", "summary": "CVE-2024-4367", "url": 
"https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4367.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-2332", "CSAFPID-2333", "CSAFPID-2331" ] } ], "title": "CVE-2024-4367" } ] }
cve-2024-4367
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-11-01 03:55
Summary
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
References
Impacted products
Vendor | Product | Version
---|---|---
Mozilla | Firefox | unspecified < 126
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thunderbird", "vendor": "mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "-", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "-", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox_esr", "vendor": "mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "-", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-4367", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-31T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-01T03:55:31.812Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-22T23:03:16.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1893645" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-23/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html" }, { 
"url": "http://seclists.org/fulldisclosure/2024/Aug/30" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Thomas Rinsma of Codean Labs" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11." } ], "value": "A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Arbitrary JavaScript execution in PDF.js", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:23.486Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1893645" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-23/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4367", "datePublished": "2024-05-14T17:21:23.486Z", "dateReserved": "2024-04-30T19:08:43.037Z", "dateUpdated": "2024-11-01T03:55:31.812Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4769
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-08-01 20:47
Summary
When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
References
Impacted products
Vendor | Product | Version
---|---|---
Mozilla | Firefox | unspecified < 126
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thunderbird", "vendor": "mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "-", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "-", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox_esr", "vendor": "mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "-", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4769", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-15T15:22:42.602903Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-351", "description": "CWE-351 Insufficient Type Distinction", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:55:05.122Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:47:41.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1886108" }, 
{ "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-23/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Shaheen Fazim" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "When importing resources using Web Workers, error messages would distinguish the difference between \u003ccode\u003eapplication/javascript\u003c/code\u003e responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11." } ], "value": "When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-origin responses could be distinguished between script and non-script content-types", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:24.318Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1886108" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-23/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4769", "datePublished": "2024-05-14T17:21:24.318Z", "dateReserved": "2024-05-10T17:37:06.045Z", "dateUpdated": "2024-08-01T20:47:41.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4774
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-08-01 20:47
Summary
The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox < 126.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-4774", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T19:31:39.966522Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:50.439Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:47:41.780Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1886598" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Ronald Crane" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The \u003ccode\u003eShmemCharMapHashEntry()\u003c/code\u003e code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox \u003c 126." } ], "value": "The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox \u003c 126." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Undefined behavior in ShmemCharMapHashEntry()", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:26.609Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1886598" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4774", "datePublished": "2024-05-14T17:21:26.609Z", "dateReserved": "2024-05-10T17:37:19.028Z", "dateUpdated": "2024-08-01T20:47:41.780Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4768
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-11-21 16:03
Summary
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
References
Impacted products
Vendor | Product | Version
---|---|---
Mozilla | Firefox | unspecified < 126
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4768", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T15:37:43.312324Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-281", "description": "CWE-281 Improper Preservation of Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-21T16:03:03.223Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:47:41.692Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1886082" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-23/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": 
"custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Hafiizh" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A bug in popup notifications\u0027 interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11." } ], "value": "A bug in popup notifications\u0027 interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Potential permissions request bypass via clickjacking", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:24.047Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1886082" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-23/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4768", "datePublished": "2024-05-14T17:21:24.047Z", "dateReserved": "2024-05-10T17:37:04.311Z", "dateUpdated": "2024-11-21T16:03:03.223Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4772
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-11-20 15:25
Summary
An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox < 126.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4772", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T15:24:50.455363Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-20T15:25:54.388Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:47:41.740Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1870579" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Hanno B\u00f6ck" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": 
false, "type": "text/html", "value": "An HTTP digest authentication nonce value was generated using \u003ccode\u003erand()\u003c/code\u003e which could lead to predictable values. This vulnerability affects Firefox \u003c 126." } ], "value": "An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox \u003c 126." } ], "problemTypes": [ { "descriptions": [ { "description": "Use of insecure rand() function to generate nonce", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:26.111Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1870579" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4772", "datePublished": "2024-05-14T17:21:26.111Z", "dateReserved": "2024-05-10T17:37:14.138Z", "dateUpdated": "2024-11-20T15:25:54.388Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4767
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-08-01 20:47
Summary
If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
References
Impacted products
Vendor | Product | Version
---|---|---
Mozilla | Firefox | unspecified < 126
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4767", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T14:46:26.210208Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:54:05.504Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:47:41.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1878577" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-23/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "unspecified", 
"versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Kim Do Hun via Tor Browser" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "If the \u003ccode\u003ebrowser.privatebrowsing.autostart\u003c/code\u003e preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11." } ], "value": "If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11." 
} ], "problemTypes": [ { "descriptions": [ { "description": "IndexedDB files retained in private browsing mode", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:23.746Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1878577" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-23/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4767", "datePublished": "2024-05-14T17:21:23.746Z", "dateReserved": "2024-05-10T17:37:01.623Z", "dateUpdated": "2024-08-01T20:47:41.701Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4777
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-08-01 20:55
Summary
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
References
Impacted products
Vendor | Product | Version
---|---|---
Mozilla | Firefox | unspecified < 126
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thunderbird", "vendor": "mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "-", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "-", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox_esr", "vendor": "mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "-", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-4777", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-15T14:05:30.388412Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:53:22.414Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:55:09.343Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11", "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1878199%2C1893340" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-23/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html" }, { 
"tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Daniel Holbert and the Mozilla Fuzzing Team" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11." } ], "value": "Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:24.864Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1878199%2C1893340" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-23/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4777", "datePublished": "2024-05-14T17:21:24.864Z", "dateReserved": "2024-05-10T17:37:25.404Z", "dateUpdated": "2024-08-01T20:55:09.343Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4775
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-08-01 20:47
Summary
An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 126.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "status": "affected", "version": "-" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4775", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-15T15:07:39.362946Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-431", "description": "CWE-431 Missing Handler", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:56:05.266Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:47:41.779Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887332" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lukas Bernhard" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An iterator stop condition was missing when handling WASM code 
in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox \u003c 126." } ], "value": "An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox \u003c 126." } ], "problemTypes": [ { "descriptions": [ { "description": "Invalid memory access in the built-in profiler", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:26.862Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887332" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4775", "datePublished": "2024-05-14T17:21:26.862Z", "dateReserved": "2024-05-10T17:37:20.908Z", "dateUpdated": "2024-08-01T20:47:41.779Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4770
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-08-01 20:47
Summary
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
References
Impacted products
Vendor | Product | Version
---|---|---
Mozilla | Firefox | unspecified < 126
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thunderbird", "vendor": "mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "-", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "-", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox_esr", "vendor": "mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "-", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4770", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-15T14:03:13.815412Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-23T16:32:22.116Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:47:41.760Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1893270" }, { "tags": [ 
"x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-23/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Irvan Kurniawan" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11." } ], "value": "When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Use-after-free could occur when printing to PDF", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:24.594Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1893270" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-22/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-23/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4770", "datePublished": "2024-05-14T17:21:24.594Z", "dateReserved": "2024-05-10T17:37:08.743Z", "dateUpdated": "2024-08-01T20:47:41.760Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4773
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-08-01 20:47
Summary
When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4773", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-15T14:13:57.757379Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-23T16:35:01.918Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:47:41.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875248" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Islam" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": 
"text/html", "value": "When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox \u003c 126." } ], "value": "When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox \u003c 126." } ], "problemTypes": [ { "descriptions": [ { "description": "URL bar could be cleared after network error", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:26.363Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875248" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4773", "datePublished": "2024-05-14T17:21:26.363Z", "dateReserved": "2024-05-10T17:37:16.642Z", "dateUpdated": "2024-08-01T20:47:41.768Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4764
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-08-01 20:47
Summary
Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "126*", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4764", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T19:02:29.273742Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:55:43.516Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:47:41.789Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879093" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Jan-Ivar Bruaroey" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Multiple 
WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox \u003c 126." } ], "value": "Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox \u003c 126." } ], "problemTypes": [ { "descriptions": [ { "description": "Use-after-free when audio input connected with multiple consumers", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:25.110Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879093" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4764", "datePublished": "2024-05-14T17:21:25.110Z", "dateReserved": "2024-05-10T17:36:54.780Z", "dateUpdated": "2024-08-01T20:47:41.789Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4766
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-11-26 13:34
Summary
Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4766", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T16:35:57.787919Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-04T14:26:10.089Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:47:41.924Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871214" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871217" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Hafiizh" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Different techniques existed to obscure the fullscreen notification in Firefox for Android. 
These could have led to potential user confusion and spoofing attacks.\u003cbr\u003e*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox \u003c 126." } ], "value": "Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks.\n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox \u003c 126." } ], "problemTypes": [ { "descriptions": [ { "description": "Fullscreen notification could have been obscured on Firefox for Android", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T13:34:08.972Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871214" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871217" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4766", "datePublished": "2024-05-14T17:21:25.583Z", "dateReserved": "2024-05-10T17:36:59.599Z", "dateUpdated": "2024-11-26T13:34:08.972Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4771
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-08-01 20:47
Summary
A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:firefox:126:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4771", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-15T15:40:13.746514Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-06T19:52:20.334Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:47:41.788Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1893891" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Irvan Kurniawan" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A memory 
allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 126." } ], "value": "A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 126." } ], "problemTypes": [ { "descriptions": [ { "description": "Failed allocation could lead to use-after-free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:25.853Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1893891" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4771", "datePublished": "2024-05-14T17:21:25.853Z", "dateReserved": "2024-05-10T17:37:11.859Z", "dateUpdated": "2024-08-01T20:47:41.788Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4765
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-08-29 20:28
Summary
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context.
*This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T20:47:41.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871109" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4765", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-08T18:46:51.056911Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T20:28:35.825Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Dana Keeler" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": 
"text/html", "value": "Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application\u0027s manifest. This could have been exploited to run arbitrary code in another application\u0027s context. \u003cbr\u003e*This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox \u003c 126." } ], "value": "Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application\u0027s manifest. This could have been exploited to run arbitrary code in another application\u0027s context. \n*This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox \u003c 126." } ], "problemTypes": [ { "descriptions": [ { "description": "Web application manifests could have been overwritten via hash collision", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:25.339Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871109" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4765", "datePublished": "2024-05-14T17:21:25.339Z", "dateReserved": "2024-05-10T17:36:57.151Z", "dateUpdated": "2024-08-29T20:28:35.825Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4776
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-08-01 20:47
Summary
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "-", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4776", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-15T14:16:16.378925Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:53:32.797Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:47:41.780Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887343" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Raphael" } ], "descriptions": [ { "lang": "en", 
"supportingMedia": [ { "base64": false, "type": "text/html", "value": "A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox \u003c 126." } ], "value": "A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox \u003c 126." } ], "problemTypes": [ { "descriptions": [ { "description": "Window may remain disabled after file dialog is shown in full-screen", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:27.154Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887343" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4776", "datePublished": "2024-05-14T17:21:27.154Z", "dateReserved": "2024-05-10T17:37:22.836Z", "dateUpdated": "2024-08-01T20:47:41.780Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4778
Vulnerability from cvelistv5
Published
2024-05-14 17:21
Modified
2024-08-01 20:55
Summary
Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:firefox:125:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4778", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-16T18:42:04.577142Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1260", "description": "CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:56:34.311Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:55:08.737Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Memory safety bugs fixed in Firefox 126", "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1838834%2C1889291%2C1889595%2C1890204%2C1891545" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "126", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": 
"Mozilla Fuzzing Team" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 126." } ], "value": "Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 126." } ], "problemTypes": [ { "descriptions": [ { "description": "Memory safety bugs fixed in Firefox 126", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T17:21:27.420Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "Memory safety bugs fixed in Firefox 126", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1838834%2C1889291%2C1889595%2C1890204%2C1891545" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-21/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-4778", "datePublished": "2024-05-14T17:21:27.420Z", "dateReserved": "2024-05-10T17:37:25.581Z", "dateUpdated": "2024-08-01T20:55:08.737Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.