CVE-2024-4765
Published: 14 May 2024
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
Notes
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap starting with Ubuntu 24.04, the thunderbird package is just a script that installs the Thunderbird snap This only affects android |
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(android-specific)
|
jammy |
Not vulnerable
(code not present)
|
|
mantic |
Not vulnerable
(code not present)
|
|
noble |
Not vulnerable
(code not present)
|
|
upstream |
Not vulnerable
(debian: Android-specific)
|
|
thunderbird Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(android-specific)
|
jammy |
Not vulnerable
(android-specific)
|
|
mantic |
Not vulnerable
(android-specific)
|
|
noble |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|