CVE-2024-7524
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Aug 6, 2024
Updated: Aug 29, 2024
CWE ID 79
Summary
CVE-2024-7524 is a vulnerability in Firefox affecting versions below 129, Firefox ESR below 115.14, and Firefox ESR below 128.1. Firefox implements web-compatibility shims instead of blocked tracking scripts due to Enhanced Tracking Protection. When a site utilizes Content Security Policy in "strict-dynamic" mode, attackers can inject an HTML element and perform a DOM Clobbering attack on certain shims, leading to Cross-Site Scripting (XSS) and bypassing CSP strict-dynamic protection.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Mozilla Firefox
Affected Vendors
- Mozilla