Firefox Vulnerability Allows Minimal Priviledged Extension to Modify Request Bodies
CVE-2024-7525

8.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr
Vendor: CVE Published:; 6 August 2024

What is CVE-2024-7525?

A vulnerability exists in certain versions of Firefox and Thunderbird where a web extension could utilize minimal permissions to establish a StreamFilter. This could potentially allow unauthorized access to manipulate and read the response body of HTTP requests across any visited site. The affected versions include Firefox prior to version 129, as well as specific releases of Firefox ESR and Thunderbird. Organizations using these versions are advised to review security measures and consider updates to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Firefox < 129

Firefox ESR < 115.14

Firefox ESR < 128.1

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1909298

https://www.mozilla.org/security/advisories/mfsa2024-33/

https://www.mozilla.org/security/advisories/mfsa2024-34/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 6, 2024
Vulnerability Reserved
Aug 5, 2024

Credit

Rob Wu

JSON

Mozilla

What is CVE-2024-7525?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.