PT-2024-5824 · Mozilla+10 · Firefox+10

Masato Kinugawa

·

Published

2024-08-06

·

Updated

2025-03-14

·

CVE-2024-7524

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 129 Firefox ESR versions prior to 115.14 Firefox ESR versions prior to 128.1
Description The issue is related to the Content Security Policy component in Firefox browsers, specifically in "strict-dynamic" mode. An attacker who can inject an HTML element could use a DOM Clobbering attack on some web-compatibility shims and achieve cross-site scripting (XSS), bypassing the CSP strict-dynamic protection. This could allow a remote attacker to perform cross-site scripting attacks.
Recommendations For Firefox versions prior to 129, update to version 129 or later. For Firefox ESR versions prior to 115.14, update to version 115.14 or later. For Firefox ESR versions prior to 128.1, update to version 128.1 or later.

Fix

Improper Neutralization

Special Elements Injection

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-707CWE-74CWE-79

Related Identifiers

ALSA-2024:5322
ALSA-2024:5391
ALT-PU-2024-13895
ALT-PU-2024-13898
ALT-PU-2024-15839
ALT-PU-2024-15840
BDU:2024-06569
CESA-2024_5391
CVE-2024-7524
DSA-5740-1
INFSA-2024_5322
INFSA-2024_5391
MGASA-2024-0325
MGASA-2024-0332
MGASA-2024-0334
OESA-2024-2099
OESA-2025-1265
OESA-2025-1268
OPENSUSE-SU-2024:14260-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_3003-1
RHSA-2024:5322
RHSA-2024:5323
RHSA-2024:5324
RHSA-2024:5325
RHSA-2024:5326
RHSA-2024:5327
RHSA-2024:5328
RHSA-2024:5329
RHSA-2024:5391
RHSA-2024_5322
RHSA-2024_5391
ROSA-SA-2025-2563
SUSE-SU-2024:2876-1
SUSE-SU-2024:3003-1
USN-6966-1
USN-6966-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu