Firefox Vulnerability Allows Minimal Priviledged Extension to Modify Request Bodies
CVE-2024-7525

8.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr
Vendor: CVE Published:; 6 August 2024

Summary

A vulnerability exists in certain versions of Firefox and Thunderbird where a web extension could utilize minimal permissions to establish a StreamFilter. This could potentially allow unauthorized access to manipulate and read the response body of HTTP requests across any visited site. The affected versions include Firefox prior to version 129, as well as specific releases of Firefox ESR and Thunderbird. Organizations using these versions are advised to review security measures and consider updates to mitigate potential risks.

Affected Version(s)

Firefox < 129

Firefox ESR < 115.14

Firefox ESR < 128.1

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1909298

https://www.mozilla.org/security/advisories/mfsa2024-33/

https://www.mozilla.org/security/advisories/mfsa2024-34/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 6, 2024
Vulnerability Reserved
Aug 5, 2024

Credit

Rob Wu