
Test ID: 1.3.6.1.4.1.25623.1.2.1.2024.21
Category: General
Title: Mozilla Firefox Security Advisory (MFSA2024-21) - Linux
Summary: This host is missing a security update for Mozilla Firefox.
Description:

Vulnerability Insight:
CVE-2024-4764: Use-after-free when audio input connected with multiple consumers
Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free.

CVE-2024-4367: Arbitrary JavaScript execution in PDF.js
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context.

CVE-2024-4767: IndexedDB files retained in private browsing mode
If the browser.privatebrowsing.autostart preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox.

CVE-2024-4768: Potential permissions request bypass via clickjacking
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions.

CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin.

CVE-2024-4770: Use-after-free could occur when printing to PDF
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash.

CVE-2024-4771: Failed allocation could lead to use-after-free
A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution.

CVE-2024-4772: Use of insecure rand() function to generate nonce
An HTTP digest authentication nonce value was generated using rand() which could lead to predictable values.

CVE-2024-4773: URL bar could be cleared after network error
When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site.

CVE-2024-4774: Undefined behavior in ShmemCharMapHashEntry()
The ShmemCharMapHashEntry() code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
Firefox version(s) below 126.

Solution:
The vendor has released an update. Please see the reference(s) for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2024-10941
Common Vulnerability Exposure (CVE) ID: CVE-2024-4367
https://bugzilla.mozilla.org/show_bug.cgi?id=1893645
https://www.mozilla.org/security/advisories/mfsa2024-21/
https://www.mozilla.org/security/advisories/mfsa2024-22/
https://www.mozilla.org/security/advisories/mfsa2024-23/
https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html
Common Vulnerability Exposure (CVE) ID: CVE-2024-4764
https://bugzilla.mozilla.org/show_bug.cgi?id=1879093
Common Vulnerability Exposure (CVE) ID: CVE-2024-4767
https://bugzilla.mozilla.org/show_bug.cgi?id=1878577
Common Vulnerability Exposure (CVE) ID: CVE-2024-4768
https://bugzilla.mozilla.org/show_bug.cgi?id=1886082
Common Vulnerability Exposure (CVE) ID: CVE-2024-4769
https://bugzilla.mozilla.org/show_bug.cgi?id=1886108
Common Vulnerability Exposure (CVE) ID: CVE-2024-4770
https://bugzilla.mozilla.org/show_bug.cgi?id=1893270
Common Vulnerability Exposure (CVE) ID: CVE-2024-4771
https://bugzilla.mozilla.org/show_bug.cgi?id=1893891
Common Vulnerability Exposure (CVE) ID: CVE-2024-4772
https://bugzilla.mozilla.org/show_bug.cgi?id=1870579
Common Vulnerability Exposure (CVE) ID: CVE-2024-4773
https://bugzilla.mozilla.org/show_bug.cgi?id=1875248
Common Vulnerability Exposure (CVE) ID: CVE-2024-4774
https://bugzilla.mozilla.org/show_bug.cgi?id=1886598
Common Vulnerability Exposure (CVE) ID: CVE-2024-4775
https://bugzilla.mozilla.org/show_bug.cgi?id=1887332
Common Vulnerability Exposure (CVE) ID: CVE-2024-4776
https://bugzilla.mozilla.org/show_bug.cgi?id=1887343
Common Vulnerability Exposure (CVE) ID: CVE-2024-4777
Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1878199%2C1893340
Common Vulnerability Exposure (CVE) ID: CVE-2024-4778
Memory safety bugs fixed in Firefox 126
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1838834%2C1889291%2C1889595%2C1890204%2C1891545
Copyright: Copyright (C) 2024 Greenbone AG
