CVE-2024-10941

EPSS 0.37%
Veröffentlicht 06.11.2024 21:15:05
Zuletzt bearbeitet 10.02.2025 23:15:11
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 126.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.58

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages

The product does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.

https://www.mozilla.org/security/advisories/mfsa2024-21/

Vendor Advisory

Issue Tracking

https://bugzilla.mozilla.org/show_bug.cgi?id=1880879

Issue Tracking

https://bugzilla.mozilla.org/show_bug.cgi?id=1887614

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-10941

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10941

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10941

EUVD