Lucene search

GoogleOSV:CVE-2024-6611

HistoryJul 10, 2024 - 12:00 a.m.

CVE-2024-6611

2024-07-1000:00:00

Google

osv.dev

cross-site navigation

samesite cookies

firefox

thunderbird

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

5.8

Confidence

Low

JSON

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.

References

bugzilla.mozilla.org/show_bug.cgi?id=1844827

ubuntu.com/security/CVE-2024-6611

ubuntu.com/security/notices/USN-6890-1

www.cve.org/CVERecord?id=CVE-2024-6611

www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6611

www.mozilla.org/security/advisories/mfsa2024-29/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

5.8

Confidence

Low

JSON

Related for OSV:CVE-2024-6611