CVE-2024-5687
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec-* headers, meaning there is the potential for incorrect security checks within the browser in addition to incorrect or misleading information sent to remote websites.
This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 127.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 127 | affected |
Weaknesses
- An incorrect principal could have been used when opening new tabs
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1889066
- https://www.mozilla.org/security/advisories/mfsa2024-25/
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1889066
- https://www.mozilla.org/security/advisories/mfsa2024-25/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.