CVE-2024-6601Time-of-check Time-of-use (TOCTOU) Race Condition in Mozilla Firefox

CWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionCWE-281Improper Preservation of Permissions15 documents9 sources
Severity
4.7MEDIUMNVD
OSV6.3
EPSS
0.1%
top 70.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedJul 9
Latest updateJul 22

Description

A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages8 packages

CVEListV5mozilla/firefoxunspecified128
NVDmozilla/firefox< 128.0
CVEListV5mozilla/firefox_esrunspecified115.13
CVEListV5mozilla/thunderbirdunspecified115.13+1
NVDmozilla/thunderbird< 128.0

🔴Vulnerability Details

5
OSV
thunderbird vulnerabilities2024-07-22
OSV
firefox vulnerabilities2024-07-10
CVEList
Race condition in permission assignment2024-07-09
GHSA
GHSA-rjwc-235r-8986: A race condition could lead to a cross-origin container obtaining permissions of the top-level origin2024-07-09
OSV
CVE-2024-6601: A race condition could lead to a cross-origin container obtaining permissions of the top-level origin2024-07-09

📋Vendor Advisories

9
Ubuntu
Thunderbird vulnerabilities2024-07-22
Ubuntu
Firefox vulnerabilities2024-07-10
Microsoft
A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunder2024-07-09
Red Hat
Mozilla: Race condition in permission assignment2024-07-09
Debian
CVE-2024-6601: firefox - A race condition could lead to a cross-origin container obtaining permissions of...2024
CVE-2024-6601 — Mozilla Firefox vulnerability | cvebase