CVE-2024-7524

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 6, 2024

Updated: Aug 29, 2024

CWE ID 79

Summary

CVE-2024-7524 is a vulnerability in Firefox affecting versions below 129, Firefox ESR below 115.14, and Firefox ESR below 128.1. Firefox implements web-compatibility shims instead of blocked tracking scripts due to Enhanced Tracking Protection. When a site utilizes Content Security Policy in "strict-dynamic" mode, attackers can inject an HTML element and perform a DOM Clobbering attack on certain shims, leading to Cross-Site Scripting (XSS) and bypassing CSP strict-dynamic protection.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mozilla Firefox

Affected Vendors

Mozilla

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xhhs2d
https://www.cve.org/CVERecord?id=CVE-2024-7524
https://nvd.nist.gov/vuln/detail/CVE-2024-7524

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Know What Matters

For Customers

For Partners