CVE-2024-4765
published 2024-05-14CVE-2024-4765: Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could…
high8.1CVSS 3.1
AVNACLPRNUIRSUCHIHAN
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context.
*This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| mozilla | firefox | < 126.0 | 126.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 126 | 126 |
Debian
CVE-2024-4765: firefox - Web application manifests were stored by using an insecure MD5 hash which allowe...
vendor_debian·2024·CVSS 8.1
CVE-2024-4765 [HIGH] CVE-2024-4765: firefox - Web application manifests were stored by using an insecure MD5 hash which allowe...
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2024-21: CVE-2024-4765
vendor_mozilla·CVSS 8.1
CVE-2024-4765 [HIGH] Mozilla Foundation Security Advisory 2024-21: CVE-2024-4765
Mozilla Foundation Security Advisory 2024-21
CVE: CVE-2024-4765
Product: Firefox
Impact: moderate
Fixed in: Firefox 126
GHSA
GHSA-vp32-xxhm-ppgv: Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest
ghsa_unreviewed·2024-05-14
CVE-2024-4765 [HIGH] CWE-327 GHSA-vp32-xxhm-ppgv: Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context.
*This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-05-14
Published