Lucene search

Alpine Linux Development TeamALPINE:CVE-2024-5687

HistoryJun 11, 2024 - 1:15 p.m.

CVE-2024-5687

2024-06-1113:15:50

Alpine Linux Development Team

security.alpinelinux.org

cve-2024-5687

triggering principal

security checks

browser

misleading information

remote websites

firefox for android

unix

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

9.0%

JSON

If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec-* headers, meaning there is the potential for incorrect security checks within the browser in addition to incorrect or misleading information sent to remote websites.
This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 127.

OSVersionArchitecturePackageVersionFilename
Alpine3.20-communitynoarchfirefox= 126.0.1-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	3.20-community	noarch	firefox	= 126.0.1-r0	UNKNOWN

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for ALPINE:CVE-2024-5687