CVE-2024-29944

High

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent…

mozilla·CWE-830·Published 2024-03-22

CVSS

8.4

EPSS

0.05

KEV

Exploits

cve.orgen

317 chars

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.

NVDen

317 chars

NVDes

348 chars

Un atacante pudo inyectar un controlador de eventos en un objeto privilegiado que permitiría la ejecución arbitraria de JavaScript en el proceso principal. Nota: Esta vulnerabilidad afecta únicamente a Firefox de escritorio, no afecta a las versiones móviles de Firefox. Esta vulnerabilidad afecta a Firefox < 124.0.1 y Firefox ESR < 115.9.1.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.4	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.4	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H