

Multiple WordPress Plugins Vulnerabilities
May 15, 2024
PoC Exploit for RCE Zero-Day in D-Link EXO AX4800 Routers Released Publicly
May 15, 2024
Severity
High
Analysis Summary
CVE-2024-4367 CVSS: 8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a missing type check when handling fonts in PDF.js. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-4768 CVSS: 6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by a bug in popup notifications' interaction with WebAuthn. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to trick a user into granting permissions.
CVE-2024-4778 CVSS: 8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-4774 CVSS: 6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by undefined behavior in ShmemCharMapHashEntry(). By bypassing the move semantics for one of its data members, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-4767 CVSS: 6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to properly delete IndexedDB files when the window is closed while the browser.privatebrowsing.autostart preference is enabled. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-4764 CVSS: 8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free when audio input is connected with multiple consumers. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-4771 CVSS: 6.5
Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free if the allocation failed. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2024-4775 CVSS: 6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by invalid memory access in the built-in profilers. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-4777 CVSS: 8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-4770 CVSS: 6.5
Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free when printing to PDF. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2024-4765 CVSS: 8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by the storing of web application manifests using an insecure MD5 hash. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability, using a hash collision to overwrite another application's manifest, to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2024-4766 CVSS: 6.5
Mozilla Firefox for Android could allow a remote attacker to conduct spoofing attacks, caused by the obscuring of the fullscreen notification. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct spoofing attacks.
CVE-2024-4773 CVSS: 6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an error when a network error occurs during page load. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct spoofing attacks.
CVE-2024-4772 CVSS: 6.5
Mozilla Firefox could provide weaker than expected security, caused by the use of the insecure rand() function to generate a nonce. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability, which leads to predictable values.
CVE-2024-4776 CVSS: 6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by a window remaining disabled after a file dialog is shown in full-screen. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-4769 CVSS: 6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the distinguishing of cross-origin responses between script and non-script content-types. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to learn information cross-origin.
Impact
- Denial of Service
- Code Execution
- Security Bypass
- Gain Access
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-4367
- CVE-2024-4768
- CVE-2024-4778
- CVE-2024-4774
- CVE-2024-4767
- CVE-2024-4764
- CVE-2024-4771
- CVE-2024-4775
- CVE-2024-4777
- CVE-2024-4770
- CVE-2024-4765
- CVE-2024-4766
- CVE-2024-4773
- CVE-2024-4772
- CVE-2024-4776
- CVE-2024-4769
Affected Vendors
Affected Products
- Mozilla Firefox 125.0
- Mozilla Firefox ESR 115.10
- Mozilla Thunderbird 115.10
- Mozilla Firefox for Android 125.0
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.
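To find the installs that need the update, the affected products listed above can be checked against an inventory of `--version` strings. The following is an added example, not part of the original advisory or Mozilla's tooling; it assumes builds at or below the listed major.minor on the same channel are affected, and the host names and sample strings are constructed.

```python
import re

# Baselines copied from "Affected Products" on this page.
# Assumption: a build at or below the listed major.minor on the same
# channel is affected (e.g. 125.0.3 is treated like 125.0).
AFFECTED = {
    "firefox": (125, 0),
    "firefox-esr": (115, 10),
    "thunderbird": (115, 10),
}

# Matches e.g. "Mozilla Firefox 125.0.3" or "Mozilla Firefox 115.10.0esr".
VERSION_RE = re.compile(
    r"(?:Mozilla\s+)?(?P<product>Firefox|Thunderbird)\s+"
    r"(?P<major>\d+)\.(?P<minor>\d+)(?:\.\d+)*(?P<esr>esr)?",
    re.IGNORECASE,
)

def classify(version_string):
    """Return (channel, (major, minor), affected) or None if unparseable."""
    m = VERSION_RE.search(version_string)
    if not m:
        return None
    channel = m.group("product").lower()
    # ESR must be compared against the ESR baseline: 115.11.0esr is
    # numerically below 125.0 but is not an affected release build.
    if channel == "firefox" and m.group("esr"):
        channel = "firefox-esr"
    version = (int(m.group("major")), int(m.group("minor")))
    return channel, version, version <= AFFECTED[channel]

def audit(inventory):
    """List hosts needing the update; unparseable entries are kept for review."""
    findings = []
    for host, version_string in inventory:
        result = classify(version_string)
        if result is None:
            findings.append((host, "unknown", version_string))
        elif result[2]:
            findings.append((host, result[0], version_string))
    return findings

# Constructed sample inventory: (host, output of `<app> --version`).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 125.0.3"),
    ("ws-02", "Mozilla Firefox 126.0"),
    ("ws-03", "Mozilla Firefox 115.10.0esr"),
    ("ws-04", "Mozilla Firefox 115.11.0esr"),
    ("ws-05", "Mozilla Thunderbird 115.10.1"),
    ("ws-06", "command not found"),
]
```

Firefox for Android is not covered here because it does not report a version through a command line; check it through the device management inventory instead.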