CVE-2024-29944
EUVD-2024-2691822.03.2024, 13:15
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 115.9.1 |
| mozilla | firefox | 𝑥 ≤ 124.0.1 |
| debian | debian_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||||
| firefox-esr |
|
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||
| thunderbird |
| ||||||||||
| mozjs38 |
| ||||||||||
| mozjs52 |
| ||||||||||
| mozjs68 |
| ||||||||||
| mozjs78 |
| ||||||||||
| mozjs91 |
| ||||||||||
| mozjs102 |
|
References