Lucene search

GoogleOSV:USN-6610-1

HistoryJan 29, 2024 - 11:21 a.m.

firefox vulnerabilities

2024-01-2911:21:22

Google

osv.dev

firefox

security issues

denial of service

information disclosure

arbitrary code execution

malicious website

print preview dialog

memory management

cve-2024-0741

cve-2024-0742

cve-2024-0743

cve-2024-0744

cve-2024-0745

cve-2024-0746

cve-2024-0747

cve-2024-0748

cve-2024-0749

cve-2024-0750

cve-2024-0751

cve-2024-0753

cve-2024-0754

cve-2024-0755

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-0741,
CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747,
CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,
CVE-2024-0754, CVE-2024-0755)

Cornel Ionce discovered that Firefox did not properly manage memory when
opening the print preview dialog. An attacker could potentially exploit
this issue to cause a denial of service. (CVE-2024-0746)