Attackers could guess functional external protocol handlers on a user's system by monitoring operation times

CVE-2024-5690
4.3 MEDIUM

Key Information

Vendor
Mozilla
Status
Firefox
Firefox ESR
Thunderbird
Vendor
CVE Published: 11 June 2024

Badges

📰 News Worthy

Summary

Mozilla products, including Firefox and Thunderbird, are affected by CVE-2024-5690, rated 4.3 (Medium) under CVSS v3.1. The vulnerability allows attackers to guess which external protocol handlers are functional on a user's system by monitoring operation times. The potential impact includes the ability for attackers to execute arbitrary code, bypass security restrictions, or cause memory corruption on the affected systems. While there is no known exploitation of this vulnerability in the wild, users are strongly advised to update their Mozilla products to the latest versions to protect against potential remote attacks.

Affected Version(s)

Firefox < 127

Firefox ESR < 115.12

Thunderbird < 115.12

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • First article discovered by Times of India

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database, 1 News Article(s)

Credit

Satoki Tsuji