Main Vulnerability Database Vulnerabilities #VU100962

#VU100962 Permissions, Privileges, and Access Controls in Firefox for Android - CVE-2024-11702

Published: November 26, 2024

Vulnerability identifier: #VU100962

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-11702

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Firefox for Android

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to inadequate clipboard protection in private browsing mode. When copying sensitive information, such as passwords, from private browsing tabs on Android can lead to this data be stored in the cloud-based clipboard history if enabled.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/
https://bugzilla.mozilla.org/show_bug.cgi?id=1918884

#VU100962 Permissions, Privileges, and Access Controls in Firefox for Android - CVE-2024-11702

Description

Remediation

External links

Please verify you're human