CVE-2024-6612
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Jul 9, 2024
Updated: Jul 16, 2024
CWE ID 200
Summary
CVE-2024-6612 is a vulnerability affecting both Firefox version 127 and older, as well as Thunderbird version 127 and below. The issue stems from Cross-Site Protection (CSP) violations within the console tab of the developer tools. Instead of directly displaying the violating resource, links are generated, leading to a DNS prefetch. As a result, the fact that a CSP violation occurred is unintentionally revealed to potential attackers.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Mozilla Firefox
Affected Vendors
- Mozilla