CVE-2024-7531

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 6, 2024
Updated: Oct 30, 2024

Summary

CVE-2024-7531 is a vulnerability in the Network Security Services (NSS) library affecting Firefox versions below 129, Firefox ESR below 115.14, and Firefox ESR below 128.1. The issue arises when the `PK11_Encrypt()` function in NSS is called with the ChaCha20 algorithm (`CKM_CHACHA20`) and the same buffer for input and output on Intel Sandy Bridge processors. The result is plaintext being exposed, which can lead to connection failures. In Firefox, this vulnerability only affects the QUIC header protection feature when the ChaCha20-Poly1305 cipher suite is in use. Network observers may exploit this to identify packets as originating from the same source even after a network path change, potentially compromising privacy.


Affected Products

  • Mozilla Firefox
  • Mozilla Firefox ESR

Affected Vendors

  • Mozilla