CVE-2024-4769 : When importing resources using Web Workers, error messages would distinguish the

When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published 2024-05-14 17:21:24

Updated 2025-04-01 17:46:34

Source Mozilla Corporation

View at NVD, CVE.org

Products affected by CVE-2024-4769

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox »
Versions before (<) 126.0
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
Matching versions
Mozilla » Firefox » ESR Edition
Versions before (<) 115.11.0
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Matching versions
Mozilla » Thunderbird
Versions before (<) 115.11.0
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-4769

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-4769

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	2.2	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-07-03
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	N/A	N/A	RedHat-CVE-2024-4769	2024-05-14
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2024-4769

CWE-351 Insufficient Type Distinction

The product does not properly distinguish between different types of elements in a way that leads to insecure behavior.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2024-4769

https://www.mozilla.org/security/advisories/mfsa2024-23/

Security Vulnerabilities fixed in Thunderbird 115.11 — Mozilla
Vendor Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html

[SECURITY] [DLA 3815-1] firefox-esr security update
Mailing List

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=1886108

Access Denied
Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-22/

Security Vulnerabilities fixed in Firefox ESR 115.11 — Mozilla
Vendor Advisory

CVEs referencing this url
https://www.mozilla.org/security/advisories/mfsa2024-21/

Security Vulnerabilities fixed in Firefox 126 — Mozilla
Vendor Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html

[SECURITY] [DLA 3817-1] thunderbird security update
Mailing List

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2024-4769

Products affected by CVE-2024-4769

Exploit prediction scoring system (EPSS) score for CVE-2024-4769

CVSS scores for CVE-2024-4769

CWE ids for CVE-2024-4769

References for CVE-2024-4769