Security Advisories

CVE-2024-7524

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-7524

CGA ID

CGA-gmjc-2j55-qpxx

Severity

6.1

Medium

CVSS V3

Description

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.

References

Affected packages


© 2024 Chainguard. All Rights Reserved.