CVE-2024-7525

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Aug 6, 2024
Updated: Aug 12, 2024
CWE ID 276
CWE ID 284

Summary

CVE-2024-7525 is a vulnerability that affects Firefox versions below 129, Firefox ESR below 115.14, Firefox ESR below 128.1, Thunderbird below 128.1, and Thunderbird below 115.14. This issue allows web extensions with minimal permissions to create a `StreamFilter`, enabling them to read and modify the response bodies of requests on any site. This poses a significant risk to user privacy and security. The vulnerability could potentially allow malicious extensions to intercept and manipulate sensitive data, making it essential for affected users to update their browsers as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Mozilla Thunderbird
  • Mozilla Firefox
  • Mozilla Firefox ESR

Affected Vendors

  • Mozilla