Products
Firefox
- < 126
Firefox ESR
- < 115.11
Thunderbird
- < 115.11
Firefox
- < 126
- ESR < 115.11
Source
security@mozilla.org
Tags
CVE-2024-4769 details
Last Modified : May 14, 2024, 7:17 p.m.
Description
When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1886108 | security@mozilla.org |
| https://www.mozilla.org/security/advisories/mfsa2024-21/ | security@mozilla.org |
| https://www.mozilla.org/security/advisories/mfsa2024-22/ | security@mozilla.org |
| https://www.mozilla.org/security/advisories/mfsa2024-23/ | security@mozilla.org |