6.5

CVE-2024-10941

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 126.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.305
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages

The product does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.

https://www.mozilla.org/security/advisories/mfsa2024-21/
Vendor Advisory
Issue Tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=1880879
Issue Tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=1887614
Issue Tracking