

Multiple Juniper Networks Products Vulnerabilities
July 16, 2024
Multiple Adobe Products Vulnerabilities
July 16, 2024
Severity
Medium
Analysis Summary
CVE-2024-6601 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a race condition in permission assignment. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability leading to a cross-origin container obtaining permissions of the top-level origin.
CVE-2024-6607 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error that made it possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to confuse a user into giving a site unintended permissions.
CVE-2024-6614 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the incorrect listing of stack frames. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to produce incorrect stack traces.
CVE-2024-6612 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a CSP violation leakage when using devtools. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to leak that a CSP violation happened.
CVE-2024-6610 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error related to form validation popups capturing escape key presses. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to prevent users from exiting full-screen mode.
CVE-2024-6600 CVSS:6.5
Mozilla Firefox could allow a remote attacker to gain unauthorized access to the system, caused by a memory corruption in WebGL API. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to trigger an out-of-bounds access.
CVE-2024-6613 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the incorrect listing of stack frames. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to produce incorrect stack traces.
CVE-2024-6611 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the incorrect handling of SameSite cookies. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to trigger a cross-site navigation and send SameSite=Strict or Lax cookies.
Impact
- Information Disclosure
- Security Bypass
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-6601
- CVE-2024-6607
- CVE-2024-6614
- CVE-2024-6612
- CVE-2024-6610
- CVE-2024-6600
- CVE-2024-6613
- CVE-2024-6611
Affected Vendors
Affected Products
- Mozilla Firefox 127.0
- Mozilla Firefox ESR 115.12
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.