CVE-2024-5690: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This…

CVE-2024-5693 [HIGH] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-5689, CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5697, CVE-2024-5698, CVE-2024-5699, CVE-2024-5700, CVE-2024-5701) Lukas Bernhard discovered that Firefox did not properly manage memory during garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-5688) Lukas Bernhard discovered that Firefox did not properly manage memory in the JavaScript en

CVE-2024-5688 [HIGH] Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code.(CVE-2024-5688, CVE-2024-5690, CVE-2024-5696, CVE-2024-5700, CVE-2024-5702) Luan Herrera discovered that Thunderbird did not properly validate the X-Frame-Options header inside sandboxed iframe. An attacker could potentially exploit this issue to bypass sandbox restrictions to open a new window. (CVE-2024-5691) Kirtikumar Anandrao Ramchandani discovered that Thunderbird did

CVE-2024-5690 [MEDIUM] CWE-203 By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ES By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this. M

CVE-2024-5690 [MEDIUM] CWE-385 Mozilla: External protocol handlers leaked by timing attack Mozilla: External protocol handlers leaked by timing attack By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. The Mozilla Foundation Security Advisory describes this flaw as: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope

CVE-2024-5690 [MEDIUM] CVE-2024-5690: firefox - By monitoring the time certain operations take, an attacker could have guessed w... By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Scope: local sid: resolved (fixed in 127.0-1)

CVE-2024-5690 [MEDIUM] Mozilla Foundation Security Advisory 2024-25: CVE-2024-5690 Mozilla Foundation Security Advisory 2024-25 CVE: CVE-2024-5690 Product: Firefox Impact: high Fixed in: Firefox 127

CVE-2024-5690 [MEDIUM] Mozilla Foundation Security Advisory 2024-28: CVE-2024-5690 Mozilla Foundation Security Advisory 2024-28 CVE: CVE-2024-5690 Product: Thunderbird Impact: high Fixed in: Thunderbird 115.12

CVE-2024-5690 [MEDIUM] Mozilla Foundation Security Advisory 2024-26: CVE-2024-5690 Mozilla Foundation Security Advisory 2024-26 CVE: CVE-2024-5690 Product: Firefox ESR Impact: high Fixed in: Firefox ESR 115.12

CVE-2024-5689 [HIGH] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-5689, CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5697, CVE-2024-5698, CVE-2024-5699, CVE-2024-5700, CVE-2024-5701) Lukas Bernhard discovered that Firefox did not properly manage memory during garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-5688) Lukas Bernhard discovered that Firefox did not properly manage memory in the JavaScript engine. An attacker could potentially exploit this issue to obtain

CVE-2024-5688 [HIGH] thunderbird vulnerabilities thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code.(CVE-2024-5688, CVE-2024-5690, CVE-2024-5696, CVE-2024-5700, CVE-2024-5702) Luan Herrera discovered that Thunderbird did not properly validate the X-Frame-Options header inside sandboxed iframe. An attacker could potentially exploit this issue to bypass sandbox restrictions to open a new window. (CVE-2024-5691) Kirtikumar Anandrao Ramchandani discovered that Thunderbird did not properly track cross-origin tainting in Offscreen Canvas. An att

CVE-2024-5690 [MEDIUM] CWE-203 GHSA-3fxj-qpxv-j6qj: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12.

CVE-2024-5690 [MEDIUM] CVE-2024-5690: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

CVE-2020-15680 [MEDIUM] Leaking Browser URL/Protocol Handlers through window.open() behavior Leaking Browser URL/Protocol Handlers through window.open() behavior Created attachment 9381005 PoC.html I am aware that a highly skilled hacker previously identified a vulnerability related to leaking URL/Protocol Handlers through an img tag in CVE-2020-15680. I consulted the following article for my research: https://www.fortinet.com/blog/threat-research/leaking-browser-url-protocol-handlers The technique discussed in this article involves using the size of an img tag as a means to leak information. However, I have discovered a simpler method of leaking such information in the latest version of Windows Desktop Firefox (122.0.1 64bit). I have found a method that can determine whether a URI scheme is valid based on the behavior of accessing the return value of window.open (whether it i