

Severity
Medium
Analysis Summary
CVE-2024-5694 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a use-after-free in the JavaScript engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to read memory in the JavaScript string section of the heap.
CVE-2024-5693 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a cross-origin image leak. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using Offscreen Canvas to obtain sensitive information.
CVE-2024-5702 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in networking. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to corrupt the stack and cause the browser to crash.
CVE-2024-5696 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by a memory corruption in text fragments. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to corrupt memory and cause the browser to crash.
CVE-2024-5695 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by an out-of-memory condition at a specific point using allocations in the probabilistic heap checker. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to trigger an assertion failure.
CVE-2024-5690 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the leaking of external protocol handlers by a timing attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-5691 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions. By tricking the browser with an X-Frame-Options header, a remote attacker could exploit this vulnerability using sandboxed iframes to bypass security restrictions and open a new window.
CVE-2024-5688 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in JavaScript object transplant. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-5699 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error related to cookie prefixes not being treated as case-sensitive. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-5697 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error that lets a Web site detect when Firefox is taking a screenshot of it. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-5692 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions when using the 'Save As' functionality. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass file name restrictions during saving.
CVE-2024-5687 CVSS:6.5
Mozilla Firefox for Android could allow a remote attacker to bypass security restrictions. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using an incorrect principal when opening new tabs.
CVE-2024-5698 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by overlaying a text box over the address bar. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the address bar.
CVE-2024-5689 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct phishing attacks, caused by user confusion that creates a possible phishing vector. By using Firefox Screenshots, an attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites.
Impact
- Denial of Service
- Gain Access
- Security Bypass
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-5694
- CVE-2024-5693
- CVE-2024-5702
- CVE-2024-5696
- CVE-2024-5695
- CVE-2024-5690
- CVE-2024-5691
- CVE-2024-5688
- CVE-2024-5699
- CVE-2024-5697
- CVE-2024-5692
- CVE-2024-5687
- CVE-2024-5698
- CVE-2024-5689
Affected Vendors
Affected Products
- Mozilla Firefox ESR 115.11
- Mozilla Firefox 126.0
- Mozilla Firefox for Android 126.0
Remediation
Refer to the Mozilla Foundation Security Advisory for patch, upgrade, or suggested workaround information.