VDB

GCVE-110-NCSC-2024-324

GCVE-110-NCSC-2024-324
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published August 7, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Weaknesses (CWE)

CWE-1021Improper Restriction of Rendered UI Layers or FramesCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-416Use After FreeCWE-125Out-of-bounds ReadCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-275-CWE-824Access of Uninitialized PointerCWE-311Missing Encryption of Sensitive Data

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
mozillafirefox_esr
mozillafirefox
mozillathunderbird

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›