PT-2024-4635 · Mozilla+10 · Thunderbird+12

Satoki Tsuji

Published

2024-06-11

Updated

2025-03-14

CVE-2024-5690

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 127 Firefox ESR versions prior to 115.12 Thunderbird versions prior to 115.12

Description: The issue is related to the use of hidden side channels, allowing an attacker to potentially guess which external protocol handlers are functional on a user's system by monitoring the time certain operations take. This could enable a remote attacker to gain unauthorized access to protected information.

Recommendations: For Firefox versions prior to 127, update to version 127 or later. For Firefox ESR versions prior to 115.12, update to version 115.12 or later. For Thunderbird versions prior to 115.12, update to version 115.12 or later.

Exploit

Fix

Information Disclosure

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-203CWE-385

Related Identifiers

ALSA-2024:3954

ALSA-2024:3955

ALSA-2024:4002

ALSA-2024:4036

ALT-PU-2024-10126

ALT-PU-2024-10593

ALT-PU-2024-13895

ALT-PU-2024-13897

ALT-PU-2024-13898

ALT-PU-2024-14780

ALT-PU-2024-14892

ALT-PU-2024-15087

ALT-PU-2024-15175

ALT-PU-2024-15839

ALT-PU-2024-15840

ALT-PU-2024-15841

BDU:2024-05143

CESA-2024_3954

CESA-2024_4036

CVE-2024-5690

DLA-3825-1

DLA-3836-1

DSA-5709-1

DSA-5711-1

INFSA-2024_3954

INFSA-2024_3955

INFSA-2024_4002

INFSA-2024_4036

MGASA-2024-0222

MGASA-2024-0231

OESA-2024-1976

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:14044-1

OPENSUSE-SU-2024:14049-1

OPENSUSE-SU-2024:14572-1

OPENSUSE-SU-2024_2061-1

RHSA-2024:3949

RHSA-2024:3950

RHSA-2024:3951

RHSA-2024:3952

RHSA-2024:3953

RHSA-2024:3954

RHSA-2024:3955

RHSA-2024:3958

RHSA-2024:3972

RHSA-2024:4001

RHSA-2024:4002

RHSA-2024:4003

RHSA-2024:4004

RHSA-2024:4015

RHSA-2024:4016

RHSA-2024:4018

RHSA-2024:4036

RHSA-2024:4063

RHSA-2024_3951

RHSA-2024_3954

RHSA-2024_3955

RHSA-2024_4002

RHSA-2024_4016

RHSA-2024_4036

RLSA-2024:3954

RLSA-2024:3955

RLSA-2024:4002

RLSA-2024:4036

SUSE-SU-2024:2012-1

SUSE-SU-2024:2061-1

SUSE-SU-2024:2073-1

SUSE-SU-2024:2371-1

SUSE-SU-2024:2399-1

USN-6840-1

USN-6862-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2024-4635 · Mozilla+10 · Thunderbird+12

CVE-2024-5690

Weakness Enumeration

Related Identifiers

Affected Products

References · 2191