If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1878577 | Issue Tracking Exploit Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html | Mailing List |
https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html | Mailing List |
https://www.mozilla.org/security/advisories/mfsa2024-21/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2024-22/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2024-23/ | Vendor Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=1878577 | Issue Tracking Exploit Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html | Mailing List |
https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html | Mailing List |
https://www.mozilla.org/security/advisories/mfsa2024-21/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2024-22/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2024-23/ | Vendor Advisory |
Configurations
History
01 Apr 2025, 17:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=1878577 - Issue Tracking, Exploit, Vendor Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html - Mailing List | |
References | () https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html - Mailing List | |
References | () https://www.mozilla.org/security/advisories/mfsa2024-21/ - Vendor Advisory | |
References | () https://www.mozilla.org/security/advisories/mfsa2024-22/ - Vendor Advisory | |
References | () https://www.mozilla.org/security/advisories/mfsa2024-23/ - Vendor Advisory | |
First Time |
Mozilla firefox
Debian Debian debian Linux Mozilla thunderbird Mozilla |
|
CWE | CWE-459 | |
CPE | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* |
28 Mar 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-359 |
21 Nov 2024, 09:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=1878577 - | |
References | () https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html - | |
References | () https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html - | |
References | () https://www.mozilla.org/security/advisories/mfsa2024-21/ - | |
References | () https://www.mozilla.org/security/advisories/mfsa2024-22/ - | |
References | () https://www.mozilla.org/security/advisories/mfsa2024-23/ - |
03 Jul 2024, 02:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
10 Jun 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 May 2024, 19:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-14 18:15
Updated : 2025-04-01 17:47
NVD link : CVE-2024-4767
Mitre link : CVE-2024-4767
CVE.ORG link : CVE-2024-4767
JSON object : View
Products Affected
mozilla
- thunderbird
- firefox
debian
- debian_linux