CVE-2024-4769 — Insufficient Type Distinction in Mozilla Firefox
Severity
NVD: 5.9 MEDIUM
OSV: 8.8
EPSS
0.8%
top 25.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 14
Latest update: May 29
Description
When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6
Affected Packages: 8 packages
Also affects: Debian Linux 10.0
Vulnerability Details (6)
GHSA
GHSA-vgc7-vqc6-2858: When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script (2024-05-14)
OSV
CVE-2024-4769: When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script (2024-05-14)