
Multiple Mozilla Firefox Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-6601 CVSS:6.5

Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a race condition in permission assignment. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability, causing a cross-origin container to obtain the permissions of the top-level origin.

CVE-2024-6607 CVSS:6.5

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error that makes it possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to confuse a user into giving a site unintended permissions.

CVE-2024-6614 CVSS:6.5

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the incorrect listing of stack frames. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause incorrect stack traces.

CVE-2024-6612 CVSS:6.5

Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a CSP violation leakage when using devtools. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to leak that a CSP violation happened.

CVE-2024-6610 CVSS:6.5

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error related to form validation popups capturing escape key presses. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to prevent users from exiting full-screen mode.

CVE-2024-6600 CVSS:6.5

Mozilla Firefox could allow a remote attacker to gain unauthorized access to the system, caused by memory corruption in the WebGL API. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to trigger an out-of-bounds access.

CVE-2024-6613 CVSS:6.5

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the incorrect listing of stack frames. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause incorrect stack traces.

CVE-2024-6611 CVSS:6.5

Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the incorrect handling of SameSite cookies. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to trigger a cross-site navigation and send SameSite=Strict or Lax cookies.

Impact

  • Information Disclosure
  • Security Bypass
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2024-6601
  • CVE-2024-6607
  • CVE-2024-6614
  • CVE-2024-6612
  • CVE-2024-6610
  • CVE-2024-6600
  • CVE-2024-6613
  • CVE-2024-6611

Affected Vendors

Mozilla

Affected Products

  • Mozilla Firefox 127.0
  • Mozilla Firefox ESR 115.12

Remediation

Refer to the Mozilla Foundation Security Advisory for patch, upgrade, or suggested workaround information.

Mozilla Foundation Security Advisory