Arbitrary JavaScript Execution Vulnerability Affects Firefox < 124.0.1 and Firefox ESR < 115.9.1
CVE-2024-29944

Currently unrated

Key Information:

Vendor
Mozilla
Status
Firefox
Firefox Esr
Vendor
CVE Published:
22 March 2024

Badges

πŸ‘Ύ Exploit ExistsπŸ“° News Worthy

Summary

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.

Affected Version(s)

Firefox < 124.0.1

Firefox ESR < 115.9.1

News Articles

favicon imageunSafe.sh

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

9 months ago

favicon imageSecurity Affairs

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024.

9 months ago

favicon imageCybersecurityNews

2 Firefox Zero-Days Exploited At Pwn2Own : Patch Now

Mozilla addresses two zero-day vulnerabilities that were recently exploited at the Pwn2Own Vancouver 2024 hacking contest in the Firefox

9 months ago

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1886852
https://www.mozilla.org/security/advisories/mfsa2024-15/
https://www.mozilla.org/security/advisories/mfsa2024-16/

Timeline

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by securityonline.info

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database8 News Article(s)

Credit

Manfred Paul via Trend Micro's Zero Day Initiative
.