CVE-2024-10941

EPSS 0.37%
Published 06.11.2024 21:15:05
Last modified 10.02.2025 23:15:11
Source security@mozilla.org
Teams watchlist Login
Open Login

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 126.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.37%	0.58

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages

The product does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.

https://www.mozilla.org/security/advisories/mfsa2024-21/

Vendor Advisory

Issue Tracking

https://bugzilla.mozilla.org/show_bug.cgi?id=1880879

Issue Tracking

https://bugzilla.mozilla.org/show_bug.cgi?id=1887614

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-10941

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10941

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10941

EUVD