CVE-2024-6612
Gentoo Linux Security Advisory 202412-04
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128.
Las infracciones de CSP generaron enlaces en la pestaña de la consola de las herramientas de desarrollador, que apuntaban al recurso infractor. Esto provocó una captación previa de DNS que filtró que se había producido una infracción de CSP. Esta vulnerabilidad afecta a Firefox < 128.
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which arbitrary code execution. Versions greater than or equal to 123.3.1:esr are affected.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-07-09 CVE Reserved
- 2024-07-09 CVE Published
- 2024-07-17 EPSS Updated
- 2024-09-12 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1880374 | ||
| https://www.mozilla.org/security/advisories/mfsa2024-29 | ||
| https://www.mozilla.org/security/advisories/mfsa2024-32 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | * | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | * | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | * | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | * | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Packagehub Search vendor "Suse" for product "Packagehub" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-module-desktop-applications Search vendor "Suse" for product "Sle-module-desktop-applications" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-sdk Search vendor "Suse" for product "Sle-sdk" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-we Search vendor "Suse" for product "Sle-we" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc-espos Search vendor "Suse" for product "Sle Hpc-espos" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc-ltss Search vendor "Suse" for product "Sle Hpc-ltss" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc Search vendor "Suse" for product "Sle Hpc" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sled Search vendor "Suse" for product "Sled" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles-ltss Search vendor "Suse" for product "Sles-ltss" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles Search vendor "Suse" for product "Sles" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles Sap Search vendor "Suse" for product "Sles Sap" | * | - |
Affected
| ||||||