CVE-2024-6612

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jul 9, 2024
Updated: Jul 16, 2024
CWE ID 200

Summary

CVE-2024-6612 is a vulnerability affecting both Firefox version 127 and older, as well as Thunderbird version 127 and below. The issue stems from Cross-Site Protection (CSP) violations within the console tab of the developer tools. Instead of directly displaying the violating resource, links are generated, leading to a DNS prefetch. As a result, the fact that a CSP violation occurred is unintentionally revealed to potential attackers.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share