

New Linux Version of Mallox Ransomware Based on Leaked Kryptina Code – Active IOCs
September 24, 2024
Over 11 Million Android Devices Infected with ‘Necro’ Spyware Through Google Play – Active IOCs
September 24, 2024
Severity
Medium
Analysis Summary
CVE-2024-8900 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error during a certain sequence of navigational events. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass the user prompt and write data to the user's clipboard.
CVE-2024-8897 CVSS:6.5
Mozilla Firefox for Android could allow a remote attacker to conduct spoofing attacks, caused by an error after server-side redirect. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the address bar contents.
CVE-2024-8394 CVSS:6.5
Mozilla Thunderbird is vulnerable to a denial of service, caused by a use-after-free when aborting the verification of an OTR chat session. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
Impact
- Security Bypass
- Gain Access
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-8900
- CVE-2024-8897
- CVE-2024-8394
Affected Vendors
- Mozilla
Affected Products
- Mozilla Firefox - 128.0
- Mozilla Firefox for Android - 130.00
- Mozilla Thunderbird - 128.1
Remediation
Refer to the Mozilla Foundation Security Advisory for patch, upgrade, or suggested workaround information.