Attackers could guess functional external protocol handlers on a user's system by monitoring operation times
CVE-2024-5690

4.3 MEDIUM

Key Information:

Vendor: Mozilla

CVE Published: 11 June 2024

Badges

📰 News Worthy

Summary

Mozilla products, including Firefox and Thunderbird, are affected by a high-severity vulnerability identified as CVE-2024-5690. This vulnerability allows attackers to guess functional external protocol handlers on a user's system by monitoring operation times. The potential impact includes the ability for attackers to execute arbitrary code, bypass security restrictions, or cause memory corruption on the affected systems. While there is no known exploitation of this vulnerability in the wild, users are strongly advised to update their Mozilla products to the latest versions to protect against potential remote attacks.

Affected Version(s)

Firefox < 127

Firefox ESR < 115.12

Thunderbird < 115.12

News Articles

Government issues important warning for Mozilla Firefox browser - Times of India

TECH NEWS : Update Mozilla products immediately to protect against CVE-2024-5690 and other identified vulnerabilities. Stay secure and prevent potential remote at

3 months ago

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 📰 First article discovered by Times of India

  • Vulnerability published

  • Vulnerability Reserved

Credit

Satoki Tsuji