VDB
CNVD-2024-12551
CNVD-2024-12551
PUBLISHED
CVSS 6.099999904632568 MEDIUM
Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox存在HTTP头注入漏洞,该漏洞源于Set-Cookie响应报头在多部分HTTP响应中被错误地执行,攻击者可利用该漏洞注入浏览器所认可的Set-Cookie响应头。
Risk Scores
CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox ESR | unspecified |
| Mozilla | Thunderbird | unspecified |
| Mozilla | Firefox | unspecified |
Timeline
- Feb 20, 2024 CVE Published
- Feb 20, 2024 PoC Published
- Feb 21, 2024 PoC Published
- Mar 1, 2024 CVE ID Reserved
- Mar 8, 2024 PoC Published
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1864385 url
- https://www.mozilla.org/security/advisories/mfsa2024-05/ url
- https://www.mozilla.org/security/advisories/mfsa2024-06/ url
- https://www.mozilla.org/security/advisories/mfsa2024-07/ url
- https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html url
- https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html url