CVE-2024-4765

Опубликовано: 14 мая 2024

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. This issue only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 126.

Ссылки

https://bugzilla.mozilla.org/show_bug.cgi?id=1871109
Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-21/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1871109
Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-21/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Версия до 126.0 (исключая)

EPSS

Процентиль: 23%

0.00071

Низкий

8.1 High

CVSS3

Дефекты

CWE-327

Связанные уязвимости

CVE-2024-4765

CVSS3: 8.1

ubuntu

около 1 года назад

Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.

CVE-2024-4765

CVSS3: 8.1

debian

около 1 года назад

Web application manifests were stored by using an insecure MD5 hash wh ...

GHSA-vp32-xxhm-ppgv

CVSS3: 8.1

github

около 1 года назад

Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.

EPSS

Процентиль: 23%

0.00071

Низкий

8.1 High

CVSS3

Дефекты

CWE-327