CVE-2024-29944
EUVD-2024-2691822.03.2024, 13:15
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox_esr | 𝑥 < 115.9.1 |
| mozilla | firefox | 𝑥 ≤ 124.0.1 |
| debian | debian_linux | 10.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| mozilla | firefox | 𝑥 < 124 | ADP |
| mozilla | firefox_esr | 𝑥 < 115.9.1 | ADP |
Debian Releases
Debian Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||||
| firefox-esr |
|
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||
| thunderbird |
| ||||||||||
| mozjs38 |
| ||||||||||
| mozjs52 |
| ||||||||||
| mozjs68 |
| ||||||||||
| mozjs78 |
| ||||||||||
| mozjs91 |
| ||||||||||
| mozjs102 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MozillaFirefox |
| ||||||||||||||||||||||||||||||||||||
| MozillaFirefox-devel |
| ||||||||||||||||||||||||||||||||||||
| MozillaFirefox-translations-common |
| ||||||||||||||||||||||||||||||||||||
| MozillaFirefox-translations-other |
|
Red Hat Enterprise Linux Releases
References