Search for vulnerabilities
Vulnerability details: VCID-bwcj-erpp-aaad
Vulnerability ID VCID-bwcj-erpp-aaad
Aliases CVE-2024-4769
Summary When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-829 Inclusion of Functionality from Untrusted Control Sphere
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4769.json
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.0028 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-4769
cvssv3.1 6.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-21
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-22
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-23
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4769.json
https://api.first.org/data/v1/epss?cve=CVE-2024-4769
https://bugzilla.mozilla.org/show_bug.cgi?id=1886108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4777
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html
https://www.mozilla.org/security/advisories/mfsa2024-21/
https://www.mozilla.org/security/advisories/mfsa2024-22/
https://www.mozilla.org/security/advisories/mfsa2024-23/
2280385 https://bugzilla.redhat.com/show_bug.cgi?id=2280385
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVE-2024-4769 https://nvd.nist.gov/vuln/detail/CVE-2024-4769
mfsa2024-21 https://www.mozilla.org/en-US/security/advisories/mfsa2024-21
mfsa2024-22 https://www.mozilla.org/en-US/security/advisories/mfsa2024-22
mfsa2024-23 https://www.mozilla.org/en-US/security/advisories/mfsa2024-23
RHSA-2024:2881 https://access.redhat.com/errata/RHSA-2024:2881
RHSA-2024:2882 https://access.redhat.com/errata/RHSA-2024:2882
RHSA-2024:2883 https://access.redhat.com/errata/RHSA-2024:2883
RHSA-2024:2884 https://access.redhat.com/errata/RHSA-2024:2884
RHSA-2024:2885 https://access.redhat.com/errata/RHSA-2024:2885
RHSA-2024:2886 https://access.redhat.com/errata/RHSA-2024:2886
RHSA-2024:2887 https://access.redhat.com/errata/RHSA-2024:2887
RHSA-2024:2888 https://access.redhat.com/errata/RHSA-2024:2888
RHSA-2024:2903 https://access.redhat.com/errata/RHSA-2024:2903
RHSA-2024:2904 https://access.redhat.com/errata/RHSA-2024:2904
RHSA-2024:2905 https://access.redhat.com/errata/RHSA-2024:2905
RHSA-2024:2906 https://access.redhat.com/errata/RHSA-2024:2906
RHSA-2024:2911 https://access.redhat.com/errata/RHSA-2024:2911
RHSA-2024:2912 https://access.redhat.com/errata/RHSA-2024:2912
RHSA-2024:2913 https://access.redhat.com/errata/RHSA-2024:2913
RHSA-2024:3338 https://access.redhat.com/errata/RHSA-2024:3338
RHSA-2024:3783 https://access.redhat.com/errata/RHSA-2024:3783
RHSA-2024:3784 https://access.redhat.com/errata/RHSA-2024:3784
USN-6779-1 https://usn.ubuntu.com/6779-1/
USN-6782-1 https://usn.ubuntu.com/6782-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4769.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.11214
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-05-17T12:42:35.434297+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-4769 34.0.0rc4