Firefox for Android Vulnerability Affects Triggering Principal Calculation

CVE-2024-5687

Currently unrated 🤨

Key Information

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 11 June 2024

Summary

If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec-* headers, meaning there is the potential for incorrect security checks within the browser in addition to incorrect or misleading information sent to remote websites. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 127.

Affected Version(s)

Firefox < 127

Refferences

https://bugzilla.mozilla.org/show_bug.cgi?id=1889066

https://www.mozilla.org/security/advisories/mfsa2024-25/

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
Jun 6, 2024

Collectors

NVD DatabaseMitre Database

Credit

jackyzy823