#VU86645 Resource management error in Mozilla products - CVE-2024-1554

 


Published: February 20, 2024


Vulnerability identifier: #VU86645
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-1554
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Mozilla Firefox
Firefox for Android
Firefox for iOS
Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to poison the browser cache.

The vulnerability exists because the fetch() API and navigation incorrectly share the same cache: the cache key does not include the optional headers that a fetch() request may contain. A remote attacker can poison the local browser cache by priming it with a fetch() response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response.
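The keying problem described above can be shown with a simplified cache model. This is an added example, not Firefox code or Mozilla's actual fix; the class, the function names, the `X-Variant` header and the `site.example` URL are all constructed for illustration.

```javascript
// Simplified model of a browser HTTP cache shared by fetch() and navigation.
// Not Firefox's implementation; every name here is constructed.

// Constructed origin: the response body depends on an optional request header.
function originServer(url, headers) {
  const variant = headers["x-variant"];
  return variant
    ? `body for ${url} (variant=${variant})`
    : `body for ${url} (default)`;
}

// Weak keying, as the advisory describes: the key is the URL alone.
const urlOnlyKey = (url, _headers) => url;

// Stricter keying (an assumption about one possible mitigation):
// the key also covers the optional headers sent with the request.
function urlAndHeadersKey(url, headers) {
  const parts = Object.keys(headers).sort().map((k) => `${k}=${headers[k]}`);
  return `${url}|${parts.join("&")}`;
}

class ModelCache {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.store = new Map();
  }
  // fetch() and navigation both go through this one load path.
  load(url, headers = {}) {
    const normalized = {};
    for (const [k, v] of Object.entries(headers)) normalized[k.toLowerCase()] = v;
    const key = this.keyFn(url, normalized);
    if (!this.store.has(key)) this.store.set(key, originServer(url, normalized));
    return this.store.get(key);
  }
}

// What a header-less navigation receives after a fetch() carrying an
// extra header has already populated the cache for the same URL.
function navigationAfterPrimedFetch(keyFn) {
  const cache = new ModelCache(keyFn);
  const url = "https://site.example/page";
  cache.load(url, { "X-Variant": "alt" }); // fetch() with an optional header
  return cache.load(url);                  // later navigation, no extra headers
}

console.log("URL-only key:   ", navigationAfterPrimedFetch(urlOnlyKey));
console.log("URL+headers key:", navigationAfterPrimedFetch(urlAndHeadersKey));
```

With the URL-only key the navigation is served the header-dependent variant stored by the earlier fetch(); with the stricter key it gets the default response.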


Remediation

Install updates from the vendor's website.
