Insecure MD5 Hash Vulnerability Affects Firefox for Android

CVE-2024-4765

Currently unrated 🤨

Key Information

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 14 May 2024

Summary

Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.

Affected Version(s)

Firefox < 126

Timeline

Vulnerability published.
May 14, 2024
Vulnerability Reserved.
May 10, 2024

Collectors

NVD DatabaseMitre Database

Credit

Dana Keeler