Arbitrary JavaScript Execution Vulnerability Affects Firefox < 124.0.1 and Firefox ESR < 115.9.1

CVE-2024-29944

Currently unrated 🤨

Key Information

Vendor: Mozilla
Status: Firefox; Firefox Esr
Vendor: CVE Published:; 22 March 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.

Affected Version(s)

Firefox < 124.0.1

Firefox ESR < 115.9.1

News Articles

CVE-2024-29943CVE-2024-29944

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

8 months ago

thmubnail image

Security Affairs

CVE-2024-29943CVE-2024-29944

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024.

8 months ago

thmubnail image

CybersecurityNews

CVE-2024-29944CVE-2024-29943

2 Firefox Zero-Days Exploited At Pwn2Own : Patch Now

Mozilla addresses two zero-day vulnerabilities that were recently exploited at the Pwn2Own Vancouver 2024 hacking contest in the Firefox

8 months ago

thmubnail image

Timeline

👾
Exploit exists.
Aug 28, 2024
First article discovered by securityonline.info
Mar 23, 2024
Vulnerability published.
Mar 22, 2024
Vulnerability Reserved.
Mar 21, 2024

Collectors

NVD DatabaseMitre Database8 News Article(s)

Credit

Manfred Paul via Trend Micro's Zero Day Initiative

.