Описание
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. This issue only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 126.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not present |
| esm-infra/focal | DNE | |
| focal | not-affected | android-specific |
| jammy | not-affected | code not present |
| mantic | not-affected | code not present |
| noble | not-affected | code not present |
| upstream | not-affected | debian: Android-specific |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not present |
| esm-infra/focal | DNE | |
| focal | not-affected | android-specific |
| jammy | not-affected | android-specific |
| mantic | not-affected | android-specific |
| noble | not-affected | code not present |
| upstream | needs-triage |
Показывать по
EPSS
8.1 High
CVSS3
Связанные уязвимости
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
Web application manifests were stored by using an insecure MD5 hash wh ...
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
EPSS
8.1 High
CVSS3