Attackers could guess functional external protocol handlers on a user's system by monitoring operation times
CVE-2024-5690
Key Information
- Vendor
- Mozilla
- Status
- Firefox
- Firefox Esr
- Thunderbird
- Vendor
- CVE Published:
- 11 June 2024
Badges
Summary
The Mozilla products, including Firefox and Thunderbird, are affected by a high-severity vulnerability identified as CVE-2024-5690. This vulnerability allows attackers to guess functional external protocol handlers on a user's system by monitoring operation times. The potential impact includes the ability for attackers to execute arbitrary code, bypass security restrictions, or cause memory corruption on the affected systems. While there are no known exploitations of this vulnerability in the wild, users are strongly advised to update their Mozilla products to the latest versions to protect against potential remote attacks.
Affected Version(s)
Firefox < 127
Firefox ESR < 115.12
Thunderbird < 115.12
News Articles
Government issues important warning for Mozilla Firefox browser - Times of India
TECH NEWS : Update Mozilla products immediately to protect against CVE-2024-5690 and other identified vulnerabilities. Stay secure and prevent potential remote at
1 month ago
Refferences
CVSS V3.1
Timeline
First article discovered by Times of India
Vulnerability published
Vulnerability Reserved