Lucene search
MozillaCVELIST:CVE-2024-7524HistoryAug 06, 2024 - 12:38 p.m.
CVE-2024-7524
2024-08-0612:38:13
mozilla
www.cve.org
4
firefox
xss
csp
cve-2024-7524
EPSS
0.001
Percentile
21.9%
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in “strict-dynamic” mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
CNA Affected
[
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "129",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "115.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-7524
2024-08-06 12:38:13
nvd
nvd
CVE-2024-7524
2024-08-06 13:15:57
alpinelinux
alpinelinux
CVE-2024-7524
2024-08-06 13:15:57
osv
osv
CVE-2024-7524
2024-08-06 13:15:57
firefox-esr - security update
2024-08-07 00:00:00
Important: firefox security update
2024-08-14 00:00:00
wolfi
wolfi
CVE-2024-7524 vulnerabilities
2024-09-19 09:11:50
debiancve
debiancve
CVE-2024-7524
2024-08-06 13:15:57
ubuntucve
ubuntucve
CVE-2024-7524
2024-08-06 00:00:00
cve
cve
CVE-2024-7524
2024-08-06 13:15:57
redhatcve
redhatcve
CVE-2024-7524
2024-08-07 16:08:44
nessus
nessus
FreeBSD : firefox -- multiple vulnerabilities (5e4d7172-66b8-11ef-b104-b42e991fc52e)
2024-08-30 00:00:00
Debian dsa-5740 : firefox-esr - security update
2024-08-07 00:00:00
Mozilla Firefox ESR < 115.14
2024-08-06 00:00:00
freebsd
freebsd
firefox -- multiple vulnerabilities
2024-08-06 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5740-1)
2024-08-07 00:00:00
Slackware: Security Advisory (SSA:2024-219-01)
2024-08-07 00:00:00
Mozilla Firefox ESR Security Update (mfsa_2024-34) - Windows
2024-08-08 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 115.14 — Mozilla
2024-08-06 00:00:00
Security Vulnerabilities fixed in Firefox ESR 128.1 — Mozilla
2024-08-06 00:00:00
Security Vulnerabilities fixed in Firefox 129 — Mozilla
2024-08-06 00:00:00
kaspersky
kaspersky
KLA71398 Multiple vulnerabilities in Mozilla Firefox ESR
2024-08-06 00:00:00
KLA71399 Multiple vulnerabilities in Mozilla Firefox ESR
2024-08-06 00:00:00
KLA71397 Multiple vulnerabilities in Mozilla Firefox
2024-08-06 00:00:00
redos
redos
ROS-20240828-03
2024-08-28 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2024-08-07 04:09:07
oraclelinux
oraclelinux
firefox security update
2024-08-14 00:00:00
firefox security update
2024-08-13 00:00:00
almalinux
almalinux
Important: firefox security update
2024-08-15 00:00:00
Important: firefox security update
2024-08-14 00:00:00
redhat
redhat
(RHSA-2024:5391) Important: firefox security update
2024-08-14 11:17:19
(RHSA-2024:5322) Important: firefox security update
2024-08-13 16:11:11
(RHSA-2024:5324) Important: firefox security update
2024-08-13 16:11:29
ubuntu
ubuntu
Firefox regressions
2024-08-21 00:00:00
Firefox vulnerabilities
2024-08-19 00:00:00