PT-2024-1980 · Mozilla+4 · Firefox+4

Narendra Bhati

Published

2024-02-20

Updated

2025-03-14

CVE-2024-1555

CVSS v3.1

8.3

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 123

Description The issue is related to errors in processing SameSite cookies when opening a website using the "firefox://" protocol handler. This could allow a remote attacker to impact the integrity of protected information.

Recommendations For versions prior to 123, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the use of the firefox:// protocol handler until a patch is available.

Exploit

Fix

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254CWE-290

Related Identifiers

ALT-PU-2024-15839

ALT-PU-2024-2933

BDU:2024-01816

CVE-2024-1555

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:13728-1

OPENSUSE-SU-2024:14572-1

USN-6649-1

USN-6649-2

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2024-1980 · Mozilla+4 · Firefox+4

CVE-2024-1555

Weakness Enumeration

Related Identifiers

Affected Products

References · 2092