CVE-2024-4776
published 2024-05-14CVE-2024-4776: A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126.
high8.2CVSS 3.1
AVNACLPRNUIRSCCNILAH
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 126.0-1 (sid) | firefox 126.0-1 (sid) |
| mozilla | firefox | < 126.0 | 126.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 126.0+build2-0ubuntu0.20.04.1 | 126.0+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 0 < 126.0.1+build1-0ubuntu0.20.04.1 | 126.0.1+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 126 | 126 |
CVSS provenance
nvdv3.18.2HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H
osv8.8HIGH
OSV
firefox regressions
osv·2024-05-29·CVSS 8.8
CVE-2024-4767 [HIGH] firefox regressions
firefox regressions
USN-6779-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-4767,
CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773,
CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778)
Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory
when audio input connected with multiple consumers. An attacker could
potentially exploit this issue to cause a denial of
OSV
firefox vulnerabilities
osv·2024-05-21·CVSS 8.8
CVE-2024-4767 [HIGH] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-4767,
CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773,
CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778)
Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory
when audio input connected with multiple consumers. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-4764)
Thomas Rinsma discovered that Firefox did not properly handle type check
when handling fonts in
GHSA
GHSA-38mm-6p5m-rh38: A file dialog shown while in full-screen mode could have resulted in the window remaining disabled
ghsa_unreviewed·2024-05-14
CVE-2024-4776 [HIGH] CWE-79 GHSA-38mm-6p5m-rh38: A file dialog shown while in full-screen mode could have resulted in the window remaining disabled
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126.
OSV
CVE-2024-4776: A file dialog shown while in full-screen mode could have resulted in the window remaining disabled
osv·2024-05-14·CVSS 8.2
CVE-2024-4776 [HIGH] CVE-2024-4776: A file dialog shown while in full-screen mode could have resulted in the window remaining disabled
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126.
Ubuntu
Firefox regressions
vendor_ubuntu·2024-05-29·CVSS 8.8
[HIGH] Firefox regressions
Title: Firefox regressions
Summary: USN-6779-1 caused some minor regressions in Firefox.
USN-6779-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-4767,
CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773,
CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778)
Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory
when audio input connected with multiple consumers.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-05-21·CVSS 8.8
CVE-2024-4768 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-4767,
CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773,
CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778)
Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory
when audio input connected with multiple consumers. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-4764)
Thomas Rinsma discovered that Fi
Debian
CVE-2024-4776: firefox - A file dialog shown while in full-screen mode could have resulted in the window ...
vendor_debian·2024·CVSS 8.2
CVE-2024-4776 [HIGH] CVE-2024-4776: firefox - A file dialog shown while in full-screen mode could have resulted in the window ...
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126.
Scope: local
sid: resolved (fixed in 126.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-21: CVE-2024-4776
vendor_mozilla·CVSS 8.2
CVE-2024-4776 [HIGH] Mozilla Foundation Security Advisory 2024-21: CVE-2024-4776
Mozilla Foundation Security Advisory 2024-21
CVE: CVE-2024-4776
Product: Firefox
Impact: moderate
Fixed in: Firefox 126
No detection rules found.
Nuclei
LiteLLM - Server-Side Request Forgery
nuclei·CVSS 7.5
CVE-2024-6587 [HIGH] LiteLLM - Server-Side Request Forgery
LiteLLM - Server-Side Request Forgery
LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.
Template:
id: CVE-2024-6587
info:
name: LiteLLM - Server-Side Request Forgery
author: pdresearch,iamnoooob,rootxharsh,lambdasawa
severity: high
description: |
LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.
impact: |
Attackers can exploit SSRF to send requests to arbitrary URLs with OpenAI API keys in the Authorization header, potentially exposing API credentials.
remediation: |
Update LiteLLM to the latest version that addresses the SSRF vulnerability in the chat/completions endpoint.
reference:
- https://huntr.com/bounties/4001e1a2-7b7a-4776-a3ae-e6692ec3d997
- https://cve.mitre.org/cgi-bin/cvename.cgi?na
No writeups or analysis indexed.
2024-05-14
Published