CVE-2024-4767
14.05.2024, 18:15
If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.Enginsight
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 115.11.0 |
| mozilla | firefox | 𝑥 < 126.0 |
| mozilla | thunderbird | 𝑥 < 115.11.0 |
| debian | debian_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||
| firefox-esr |
| ||||||||||||
| thunderbird |
|
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||
| mozjs102 |
| ||||||||||
| mozjs38 |
| ||||||||||
| mozjs52 |
| ||||||||||
| mozjs68 |
| ||||||||||
| mozjs78 |
| ||||||||||
| mozjs91 |
| ||||||||||
| thunderbird |
|
Common Weakness Enumeration
- CWE-459 - Incomplete CleanupThe software does not properly "clean up" and remove temporary or supporting resources after they have been used.
- CWE-359 - Exposure of Private Personal Information to an Unauthorized ActorThe product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
References