Security features bypass in Firefox for Android and Mozilla Firefox - CVE-2024-6612

 


Published: July 21, 2024


Vulnerability identifier: #VU94625
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-6612
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Firefox for Android
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass the CSP protection mechanism.

The vulnerability exists due to CSP violation leakage when using devtools. CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch, which leaked that a CSP violation had happened.


How to mitigate CVE-2024-6612

Install updates from the vendor's website.

Sources