Lucene search

Veracode Vulnerability DatabaseVERACODE:45581

HistoryFeb 22, 2024 - 4:16 a.m.

Cache Poisoning

2024-02-2204:16:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cache poisoning

firefox

vulnerability

browser

headers

fetch api

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

firefox is vulnerable to Cache Poisoning. The vulnerability is due to incorrect sharing of cache between the fetch() API and navigation, as the cache key does not include optional headers that fetch() may contain. It allows an attacker could potentially poison the local browser cache by priming it with a fetch() response controlled by additional headers.nstead of the expected response.

CPENameOperatorVersion
firefox:sideq81.0-2
firefox:sideq83.0-1
firefox:sideq82.0.3-1
firefox:sideq81.0-2
firefox:sideq83.0-1
firefox:sideq82.0.3-1

Name	Operator	Version
firefox:sid	eq	81.0-2
firefox:sid	eq	83.0-1
firefox:sid	eq	82.0.3-1
firefox:sid	eq	81.0-2
firefox:sid	eq	83.0-1
firefox:sid	eq	82.0.3-1

References

bugzilla.mozilla.org/show_bug.cgi?id=1816390

security-tracker.debian.org/tracker/CVE-2024-1554

www.mozilla.org/security/advisories/mfsa2024-05/