Rewterz

Multiple Mozilla Firefox Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-6604 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-6602 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption in NSS. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-6605 CVSS:8.8

Mozilla Firefox for Android could allow a remote attacker to gain elevated privileges on the system, caused by the immediate interaction with permission prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to conduct a tapjacking attack.

CVE-2024-6606 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the clipboard component. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-6608 CVSS:8.8

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error related to moving the cursor using pointerlock from an iframe. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to move the cursor outside of the viewport and the Firefox window.

CVE-2024-6609 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption in NSS. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-6615 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2024-6603 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption in thread creation. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Impact

  • Gain Access
  • Security Bypass

Indicators of Compromise

CVE

  • CVE-2024-6604
  • CVE-2024-6602
  • CVE-2024-6605
  • CVE-2024-6606
  • CVE-2024-6608
  • CVE-2024-6609
  • CVE-2024-6615
  • CVE-2024-6603

Affected Vendors

Mozilla

Affected Products

  • Mozilla Firefox 127.0
  • Mozilla Firefox ESR 115.12
  • Mozilla Firefox for Android 127.0

Remediation

Refer to the Mozilla Foundation Security Advisory for patch, upgrade, or suggested workaround information.

Mozilla Foundation Security Advisory