CVE-2024-7524

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 6, 2024

Updated: Aug 29, 2024

CWE ID 79

Summary

CVE-2024-7524 is a vulnerability in Firefox affecting versions below 129, Firefox ESR below 115.14, and Firefox ESR below 128.1. Firefox implements web-compatibility shims instead of blocked tracking scripts due to Enhanced Tracking Protection. When a site utilizes Content Security Policy in "strict-dynamic" mode, attackers can inject an HTML element and perform a DOM Clobbering attack on certain shims, leading to Cross-Site Scripting (XSS) and bypassing CSP strict-dynamic protection.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mozilla Firefox

Affected Vendors

Mozilla

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xhhs2d
https://www.cve.org/CVERecord?id=CVE-2024-7524
https://nvd.nist.gov/vuln/detail/CVE-2024-7524

Back to Vulnerability Database