Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context.
*This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
Metrics
Affected Vendors & Products
References
History
Thu, 29 Aug 2024 22:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-327 | |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2024-05-14T17:21:25.339Z
Updated: 2024-08-29T20:28:35.825Z
Reserved: 2024-05-10T17:36:57.151Z
Link: CVE-2024-4765
Vulnrichment
Updated: 2024-08-01T20:47:41.687Z
NVD
Status : Awaiting Analysis
Published: 2024-05-14T18:15:13.133
Modified: 2024-11-21T09:43:33.460
Link: CVE-2024-4765
Redhat
No data.