CVE-2024-7526

2024-08-0613:15:57

CWE-908

[email protected]

web.nvd.nist.gov

vulnerability

angle

sensitive data

firefox

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

30.5%

JSON

ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Affected configurations

Nvd

Node

mozillafirefoxRange<129.0

mozillafirefox_esrRange<115.14.0

mozillafirefox_esrMatch128.0

mozillathunderbirdRange<115.14.0

mozillathunderbirdMatch128.0.1

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox_esr*cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
mozillafirefox_esr128.0cpe:2.3:a:mozilla:firefox_esr:128.0:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
mozillathunderbird128.0.1cpe:2.3:a:mozilla:thunderbird:128.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox_esr	*	cpe:2.3:a:mozilla:firefox_esr::::::::
mozilla	firefox_esr	128.0	cpe:2.3:a:mozilla:firefox_esr:128.0:::::::*
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::
mozilla	thunderbird	128.0.1	cpe:2.3:a:mozilla:thunderbird:128.0.1:::::::*