CVE-2024-10941 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mozilla	CNA	---				---
CISA-ADP	ADP	4.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 26%

Vendor	Product	Version
mozilla	firefox	𝑥 < 126.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

firefox

sid	139.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

firefox

oracular	not-affected
noble	not-affected
jammy	not-affected
focal	Fixed 126.0+build2-0ubuntu0.20.04.1 released

thunderbird

oracular	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected

Common Weakness Enumeration

CWE-86 - Improper Neutralization of Invalid Characters in Identifiers in Web Pages
The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1880879

https://bugzilla.mozilla.org/show_bug.cgi?id=1887614

https://www.mozilla.org/security/advisories/mfsa2024-21/