Lucene search

GoogleOSV:CVE-2024-6612

HistoryJul 10, 2024 - 12:00 a.m.

CVE-2024-6612

2024-07-1000:00:00

Google

osv.dev

csp violations

developer tools

dns prefetch

vulnerability

firefox

thunderbird

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.9

Confidence

Low

JSON

CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.

References

bugzilla.mozilla.org/show_bug.cgi?id=1880374

ubuntu.com/security/CVE-2024-6612

ubuntu.com/security/notices/USN-6890-1

www.cve.org/CVERecord?id=CVE-2024-6612

www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6612

www.mozilla.org/security/advisories/mfsa2024-29/

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.9

Confidence

Low

JSON

Related for OSV:CVE-2024-6612