CVE-2024-8897

CWE-601Open Redirect5 documents5 sources
Severity
6.1MEDIUM
EPSS
11.8%
top 6.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla Firefox FOR AndroidMozilla Firefox
Timeline
PublishedSep 17

Description

Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5mozilla/firefox_for_androidunspecified130.0.1
NVDmozilla/firefox< 130.0.1

🔴Vulnerability Details

2
CVEList
CVE-2024-8897: Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to sp2024-09-17
GHSA
GHSA-hj65-9wfc-jmf4: Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to sp2024-09-17

📋Vendor Advisories

2
Debian
CVE-2024-8897: firefox - Under certain conditions, an attacker with the ability to redirect users to a ma...2024
Mozilla
Mozilla Foundation Security Advisory 2024-45: CVE-2024-8897
CVE-2024-8897 (MEDIUM CVSS 6.1) | Under certain conditions | cvebase.io