Base Score

HIGH8.6

CVE-2024-5696

By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

VectorNETWORK

Published Bysecurity@mozilla.org

Published DateJun 11, 2024, 13:15

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

8.6

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

HIGH

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1896555
https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html
https://www.mozilla.org/security/advisories/mfsa2024-25/
https://www.mozilla.org/security/advisories/mfsa2024-26/
https://www.mozilla.org/security/advisories/mfsa2024-28/

Base Score

HIGH8.6

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

8.6

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

HIGH