CNVD-2024-10433 — Vulnetix

CNVD-2024-10433 PUBLISHED CVSS 8.800000190734863 HIGH

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。Mozilla Firefox ESR是Firefox（Web浏览器）的一个延长支持版本。Mozilla Thunderbird是电子邮件客户端软件，支持IMAP、POP邮件协议以及HTML邮件格式。多款Mozilla产品存在权限提升漏洞，该漏洞是由于devtools扩展中的错误引起的。攻击者可利用此漏洞在系统上获得更高的权限。

Risk Scores

CVSS 3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	unspecified
Mozilla	Firefox ESR	unspecified
Mozilla	Thunderbird	unspecified

Exploit Intelligence

CIRCL seen: CVE-2024-0751 (circl-sighting)
CIRCL seen: CVE-2024-0751 (circl-sighting)
CIRCL seen: CVE-2024-0751 (circl-sighting)
CIRCL seen: CVE-2024-0751 (circl-sighting)
https://bugzilla.mozilla.org/show_bug.cgi?id=1865689 (circl)
https://www.mozilla.org/security/advisories/mfsa2024-01/ (circl)
https://www.mozilla.org/security/advisories/mfsa2024-02/ (circl)
https://www.mozilla.org/security/advisories/mfsa2024-04/ (circl)
https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html (circl)
https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html (circl)

Timeline

Jan 23, 2024 CVE Published
Jan 23, 2024 PoC Published
Jan 25, 2024 PoC Published
Feb 17, 2024 PoC Published
Feb 17, 2024 PoC Published

References

Open in Interactive Console →