Description

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.

INFO

Published Date :

2024-08-06T12:38:13.921Z

Last Modified :

2025-03-25T16:30:45.591Z

Source :

mozilla
AFFECTED PRODUCTS

The following products are affected by CVE-2024-7524 vulnerability.

Vendors Products
Mozilla
  • Firefox
  • Firefox Esr
Redhat
  • Enterprise Linux
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-7524.

URL Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1909241 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-7524 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-7524 cve-icon
https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7524 cve-icon
https://www.mozilla.org/security/advisories/mfsa2024-33/ cve-icon cve-icon
https://www.mozilla.org/security/advisories/mfsa2024-34/ cve-icon cve-icon
https://www.mozilla.org/security/advisories/mfsa2024-35/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact