CVE-2024-5697
published 2024-06-11CVE-2024-5697: A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox…
medium4.3CVSS 3.1
AVNACLPRNUIRSUCLINAN
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 127.0-1 (sid) | firefox 127.0-1 (sid) |
| mozilla | firefox | < 127 | 127 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 127.0.2+build1-0ubuntu0.20.04.1 | 127.0.2+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 127 | 127 |
| onelogin | ruby-saml | >= 0 < 1.11.0-1ubuntu0.1 | 1.11.0-1ubuntu0.1 |
| onelogin | ruby-saml | >= 0 < 1.13.0-1ubuntu0.1 | 1.13.0-1ubuntu0.1 |
| onelogin | ruby-saml | >= 0 < 1.15.0-1ubuntu0.24.04.1 | 1.15.0-1ubuntu0.24.04.1 |
| onelogin | ruby-saml | >= 0 < 1.1.2-1ubuntu1+esm1 | 1.1.2-1ubuntu1+esm1 |
| onelogin | ruby-saml | >= 0 < 1.7.2-1ubuntu0.1~esm1 | 1.7.2-1ubuntu0.1~esm1 |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
osv8.1HIGH
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-07-03·CVSS 8.1
CVE-2024-5693 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-5689,
CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5697, CVE-2024-5698,
CVE-2024-5699, CVE-2024-5700, CVE-2024-5701)
Lukas Bernhard discovered that Firefox did not properly manage memory
during garbage collection. An attacker could potentially exploit this
issue to cause a denial of service, or execute arbitrary code.
(CVE-2024-5688)
Lukas Bernhard discovered that Firefox did not properly manage memory in
the JavaScript en
Debian
CVE-2024-5697: firefox - A website was able to detect when a user took a screenshot of a page using the b...
vendor_debian·2024·CVSS 4.3
CVE-2024-5697 [MEDIUM] CVE-2024-5697: firefox - A website was able to detect when a user took a screenshot of a page using the b...
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127.
Scope: local
sid: resolved (fixed in 127.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-25: CVE-2024-5697
vendor_mozilla·CVSS 4.3
CVE-2024-5697 [MEDIUM] Mozilla Foundation Security Advisory 2024-25: CVE-2024-5697
Mozilla Foundation Security Advisory 2024-25
CVE: CVE-2024-5697
Product: Firefox
Impact: high
Fixed in: Firefox 127
OSV
Ruby SAML vulnerabilities
osv·2025-02-28·CVSS 7.5
CVE-2016-5697 Ruby SAML vulnerabilities
Ruby SAML vulnerabilities
It was discovered that Ruby SAML did not properly validate SAML responses.
An unauthenticated attacker could use this vulnerability to log in as an
abitrary user. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5697)
It was discovered that Ruby SAML incorrectly utilized the results of XML
DOM traversal and canonicalization APIs. An unauthenticated attacker could
use this vulnerability to log in as an abitrary user. This issue only
affected Ubuntu 16.04 LTS. (CVE-2017-11428)
It was discovered that Ruby SAML did not properly verify the signature of
the SAML Response, allowing multiple elements with the same ID. An
unauthenticated attacker could use this vulnerability to log in as an
abitrary user. (CVE-2024-45409)
OSV
firefox vulnerabilities
osv·2024-07-03·CVSS 8.1
CVE-2024-5689 [HIGH] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-5689,
CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5697, CVE-2024-5698,
CVE-2024-5699, CVE-2024-5700, CVE-2024-5701)
Lukas Bernhard discovered that Firefox did not properly manage memory
during garbage collection. An attacker could potentially exploit this
issue to cause a denial of service, or execute arbitrary code.
(CVE-2024-5688)
Lukas Bernhard discovered that Firefox did not properly manage memory in
the JavaScript engine. An attacker could potentially exploit this issue to
obtain
GHSA
GHSA-6fj5-m574-p4w9: A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox
ghsa_unreviewed·2024-06-11
CVE-2024-5697 [MEDIUM] CWE-203 GHSA-6fj5-m574-p4w9: A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127.
OSV
CVE-2024-5697: A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox
osv·2024-06-11·CVSS 4.3
CVE-2024-5697 [MEDIUM] CVE-2024-5697: A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-06-11
Published