Lucene search

[email protected]NVD:CVE-2024-6612

HistoryJul 09, 2024 - 3:15 p.m.

CVE-2024-6612

2024-07-0915:15:13

CWE-200

[email protected]

web.nvd.nist.gov

csp violations

developer tools

dns prefetch

firefox vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

16.0%

JSON

CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.

References

bugzilla.mozilla.org/show_bug.cgi?id=1880374

www.mozilla.org/security/advisories/mfsa2024-29/

www.mozilla.org/security/advisories/mfsa2024-32/

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

16.0%

JSON

Related for NVD:CVE-2024-6612

osv3 ubuntucve1 wolfi1 cvelist1 alpinelinux1 debiancve1 vulnrichment1 cve1 ubuntu1 openvas6 nessus9 kaspersky2 mozilla2