Main Vulnerability Database Vulnerabilities #VU100962

Permissions, Privileges, and Access Controls in Firefox for Android - CVE-2024-11702

Published: November 26, 2024

Vulnerability identifier: #VU100962

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-11702

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Firefox for Android

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to inadequate clipboard protection in private browsing mode. When copying sensitive information, such as passwords, from private browsing tabs on Android can lead to this data be stored in the cloud-based clipboard history if enabled.

How to mitigate CVE-2024-11702

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/
https://bugzilla.mozilla.org/show_bug.cgi?id=1918884

Permissions, Privileges, and Access Controls in Firefox for Android - CVE-2024-11702

Detailed vulnerability description

How to mitigate CVE-2024-11702

Sources

Please verify you're human