CVE-2024-7525
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2024-7525 is a vulnerability that affects Firefox versions below 129, Firefox ESR below 115.14, Firefox ESR below 128.1, Thunderbird below 128.1, and Thunderbird below 115.14. This issue allows web extensions with minimal permissions to create a `StreamFilter`, enabling them to read and modify the response bodies of requests on any site. This poses a significant risk to user privacy and security. The vulnerability could potentially allow malicious extensions to intercept and manipulate sensitive data, making it essential for affected users to update their browsers as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Mozilla Thunderbird
- Mozilla Firefox
- Mozilla Firefox ESR
Affected Vendors
- Mozilla