Vulnerability Details : CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
Published 2024-03-22 13:15:08
Updated 2025-04-01 16:30:38
Source Mozilla Corporation
View at NVD,   CVE.org

Products affected by CVE-2024-29944

Exploit prediction scoring system (EPSS) score for CVE-2024-29944

EPSS FAQ
0.88%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-29944

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
8.4
 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.5
5.9
 134c704f-9b21-4f2e-91b3-4a467353bcc0 2024-08-27
8.8
 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
N/A
N/A
 RedHat-CVE-2024-29944 2024-03-22

CWE ids for CVE-2024-29944

  • The product includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the product, potentially granting total access and control of the product to the untrusted source.
    Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2024-29944

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close