CVE-2024-7525

Published Aug 6, 2024

Last updated 6 months ago

CVSS high 8.1

Overview

Description: It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Source: security@mozilla.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-276
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12C9ABF7-3B44-4C24-B152-488DCF9E2D39",
            "versionEndExcluding": "129.0"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95A2A856-7C7A-46A3-A2B5-967E63D7083A",
            "versionEndExcluding": "115.14.0"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox_esr:128.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE7D7BC3-F9A8-42D3-8C60-464457B7B2CC"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86167092-2071-4D6B-8CBC-F5C13923D7A8",
            "versionEndExcluding": "115.14.0"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:128.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65FE0D69-95D3-4440-8DE5-141510B64C20"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References