CVE-2024-7524
CVSS v3.1: 6.1 (Medium)
EPSS: 0.05 % (22nd)
Affected Products: 2
Advisories: 15
NVD Status: Analyzed
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Weaknesses
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

- CVE Status: PUBLISHED
- NVD Status: Analyzed
- CNA: Mozilla Corporation
- Published Date: 2024-08-06 13:15:57 (5 weeks ago)
- Updated Date: 2024-08-29 17:35:34 (2 weeks ago)