ubuntucve | Ubuntu.com | UB:CVE-2024-1554
Feb 20, 2024 - 12:00 a.m.

CVE-2024-1554

Tags: firefox, vulnerability, cache poisoning, fetch(), response, headers, navigation

AI Score: 5.9 Medium (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.0%)

The fetch() API and navigation incorrectly shared the same cache, as the
cache key did not include the optional headers fetch() may contain. Under
the correct circumstances, an attacker may have been able to poison the
local browser cache by priming it with a fetch() response controlled by
the additional headers. Upon navigation to the same URL, the user would see
the cached response instead of the expected response. This vulnerability
affects Firefox < 123.
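
The keying flaw described above can be reproduced in a small cache model. This is an added example, not Firefox code and not Mozilla's actual fix; the x-variant header, the site.example URL and the partitionedKey() scheme are assumptions made for illustration.

```javascript
// Simplified model of a browser HTTP cache shared by fetch() and navigation.
// All names, the URL and the header are constructed for this example.

// Lower-case header names and sort them so equal header sets compare equal.
function normalize(headers = {}) {
  return Object.entries(headers)
    .map(([k, v]) => [k.toLowerCase(), String(v)])
    .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0));
}

// Constructed origin: the response body depends on a request header.
function originServer(url, headers) {
  const found = normalize(headers).find(([k]) => k === "x-variant");
  return { url, body: `page for ${url} [variant=${found ? found[1] : "default"}]` };
}

class ModelCache {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.store = new Map();
  }
  load(kind, url, headers = {}) {
    const key = this.keyFn(kind, url, headers);
    if (this.store.has(key)) return { ...this.store.get(key), fromCache: true };
    const resp = originServer(url, headers);
    this.store.set(key, resp);
    return { ...resp, fromCache: false };
  }
}

// Flawed keying, as the advisory describes: optional headers are not in the key.
const urlOnlyKey = (_kind, url, _headers) => url;

// One possible hardened keying (assumption): request kind and headers are in the key.
const partitionedKey = (kind, url, headers) =>
  JSON.stringify([kind, url, normalize(headers)]);

// A fetch() carrying an extra header, then a navigation to the same URL.
function scenario(keyFn) {
  const cache = new ModelCache(keyFn);
  const url = "https://site.example/account";
  cache.load("fetch", url, { "X-Variant": "alt" });
  return cache.load("navigation", url);
}

console.log("url-only key:   ", scenario(urlOnlyKey));
console.log("partitioned key:", scenario(partitionedKey));
```

With the URL-only key the navigation is served the header-dependent entry stored by the earlier fetch(); with headers in the key it misses the cache and gets the default response.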

Notes

Author | Note
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap
