Vulnerability details: VCID-25j8-adcc-aaaq
Vulnerability ID VCID-25j8-adcc-aaaq
Aliases CVE-2024-29944
Summary An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only; it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29944.json
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-29944
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-29944
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-29944
epss 0.00106 https://api.first.org/data/v1/epss?cve=CVE-2024-29944
epss 0.00119 https://api.first.org/data/v1/epss?cve=CVE-2024-29944
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2024-29944
epss 0.00729 https://api.first.org/data/v1/epss?cve=CVE-2024-29944
epss 0.00807 https://api.first.org/data/v1/epss?cve=CVE-2024-29944
epss 0.00884 https://api.first.org/data/v1/epss?cve=CVE-2024-29944
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2024-15
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2024-16
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29944.json
https://api.first.org/data/v1/epss?cve=CVE-2024-29944
https://bugzilla.mozilla.org/show_bug.cgi?id=1886852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29944
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html
https://www.mozilla.org/security/advisories/mfsa2024-15/
https://www.mozilla.org/security/advisories/mfsa2024-16/
http://www.openwall.com/lists/oss-security/2024/03/23/1
1067523 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067523
2271064 https://bugzilla.redhat.com/show_bug.cgi?id=2271064
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVE-2024-29944 https://nvd.nist.gov/vuln/detail/CVE-2024-29944
GLSA-202407-22 https://security.gentoo.org/glsa/202407-22
mfsa2024-15 https://www.mozilla.org/en-US/security/advisories/mfsa2024-15
mfsa2024-16 https://www.mozilla.org/en-US/security/advisories/mfsa2024-16
RHSA-2024:1483 https://access.redhat.com/errata/RHSA-2024:1483
RHSA-2024:1484 https://access.redhat.com/errata/RHSA-2024:1484
RHSA-2024:1485 https://access.redhat.com/errata/RHSA-2024:1485
RHSA-2024:1486 https://access.redhat.com/errata/RHSA-2024:1486
RHSA-2024:1487 https://access.redhat.com/errata/RHSA-2024:1487
RHSA-2024:1488 https://access.redhat.com/errata/RHSA-2024:1488
RHSA-2024:1489 https://access.redhat.com/errata/RHSA-2024:1489
RHSA-2024:1490 https://access.redhat.com/errata/RHSA-2024:1490
RHSA-2024:1491 https://access.redhat.com/errata/RHSA-2024:1491
USN-6710-1 https://usn.ubuntu.com/6710-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29944.json
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploit Prediction Scoring System (EPSS)
Percentile 0.17032
EPSS Score 0.00045
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:19:31.450418+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-29944 34.0.0rc4