CVE-2024-4776

2024-05-1400:00:00

ubuntu.com

firefox

file dialog

full-screen

vulnerability

firefox <126

javascript engine

thunderbird snap

ubuntu 22.04

ubuntu 24.04

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H

AI Score

6.2

Confidence

Low

EPSS

Percentile

9.0%

JSON

A file dialog shown while in full-screen mode could have resulted in the
window remaining disabled. This vulnerability affects Firefox < 126.

Notes

Author	Note
tyhicks	mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur	starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap starting with Ubuntu 24.04, the thunderbird package is just a script that installs the Thunderbird snap

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchfirefox< 126.0+build2-0ubuntu0.20.04.1UNKNOWN
ubuntu22.04noarchmozjs102< anyUNKNOWN
ubuntu24.04noarchmozjs102< anyUNKNOWN
ubuntu18.04noarchmozjs38< anyUNKNOWN
ubuntu18.04noarchmozjs52< anyUNKNOWN
ubuntu20.04noarchmozjs52< anyUNKNOWN
ubuntu20.04noarchmozjs68< anyUNKNOWN
ubuntu22.04noarchmozjs78< anyUNKNOWN
ubuntu22.04noarchmozjs91< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	firefox	< 126.0+build2-0ubuntu0.20.04.1	UNKNOWN
ubuntu	22.04	noarch	mozjs102	< any	UNKNOWN
ubuntu	24.04	noarch	mozjs102	< any	UNKNOWN
ubuntu	18.04	noarch	mozjs38	< any	UNKNOWN
ubuntu	18.04	noarch	mozjs52	< any	UNKNOWN
ubuntu	20.04	noarch	mozjs52	< any	UNKNOWN
ubuntu	20.04	noarch	mozjs68	< any	UNKNOWN
ubuntu	22.04	noarch	mozjs78	< any	UNKNOWN
ubuntu	22.04	noarch	mozjs91	< any	UNKNOWN