Mozilla · Thunderbird · CVE-2024-6612
**Name of the Vulnerable Software and Affected Versions**
Firefox versions prior to 128
Thunderbird versions prior to 128
**Description**
The issue is related to the console tab of the developer tools in Firefox, where CSP violations generate links pointing to the violating resource, causing a DNS prefetch that leaks information about the CSP violation. This could allow a remote attacker to access confidential data.
**Recommendations**
For Firefox versions prior to 128, update to version 128 or later to resolve the issue.
For Thunderbird versions prior to 128, update to version 128 or later to resolve the issue.