CVE-2024-38312

EPSS 0.38%
Published 13.06.2024 20:15:15
Last modified 19.03.2025 15:15:47
Source security@mozilla.org
Teams watchlist Login
Open Login

When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox SwPlatformiphone_os Version < 127.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.38%	0.587

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://bugzilla.mozilla.org/show_bug.cgi?id=1878578

Issue Tracking

Permissions Required

https://www.mozilla.org/security/advisories/mfsa2024-27/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-38312

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38312

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38312

EUVD