QwikSec

Security Database

CVE

CWE

Training

CVE-2024-4769

Published: May 14, 2024

Modified: Feb 13, 2025

PUBLISHED

Description

When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Vendor	Product	Versions
Mozilla	Firefox	affected `unspecified - < 126`
Mozilla	Firefox ESR	affected `unspecified - < 115.11`
Mozilla	Thunderbird	affected `unspecified - < 115.11`

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1886108

https://www.mozilla.org/security/advisories/mfsa2024-21/

https://www.mozilla.org/security/advisories/mfsa2024-22/

https://www.mozilla.org/security/advisories/mfsa2024-23/

https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html

https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.