PT-2024-32708 · Mozilla+1 · Firefox+2

Dana Keeler

Published

2024-05-14

Updated

2024-12-27

CVE-2024-4765

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 126 Firefox for Android versions prior to 126

Description The issue arises from the use of an insecure MD5 hash to store web application manifests, allowing for a hash collision that could overwrite another application's manifest. This could be exploited to run arbitrary code in another application's context.

Recommendations For Firefox versions prior to 126, update to version 126 or later to resolve the issue. For Firefox for Android versions prior to 126, update to version 126 or later to resolve the issue.

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327

Related Identifiers

ALT-PU-2024-15839

ALT-PU-2024-7772

CVE-2024-4765

OPENSUSE-SU-2024:13980-1

OPENSUSE-SU-2024:14572-1

Affected Products

Alt Linux

Firefox

Firefox For Android

PT-2024-32708 · Mozilla+1 · Firefox+2

CVE-2024-4765

Weakness Enumeration

Related Identifiers

Affected Products

References · 1868