The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a `fetch()` response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response. This vulnerability affects Firefox < 123.
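
A simplified model of the cache-key flaw described above, added here as an illustration; it is not Firefox's code or its actual fix. `ToyCache`, `origin`, the `X-Variant` header and the URL are hypothetical, constructed so the URL-only key can be compared with a key that also covers the request headers.

```javascript
// Toy HTTP cache: keyFn decides which request properties separate entries.
class ToyCache {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.entries = new Map();
  }
  // Serve from cache when the key matches, otherwise ask the origin and store.
  load(request, originFn) {
    const key = this.keyFn(request);
    if (!this.entries.has(key)) this.entries.set(key, originFn(request));
    return this.entries.get(key);
  }
}

// Header names are case-insensitive: lower-case and sort before comparing.
const normalize = (headers = {}) =>
  Object.entries(headers)
    .map(([name, value]) => [name.toLowerCase(), String(value)])
    .sort(([a], [b]) => a.localeCompare(b));

// Flawed key: URL only, so the optional fetch() headers are ignored.
const urlOnlyKey = (req) => req.url;

// Header-aware key: a request with different headers gets its own entry.
const headerAwareKey = (req) =>
  JSON.stringify([req.url, normalize(req.headers)]);

// Hypothetical origin whose response body depends on a request header.
function origin(req) {
  const variant = new Map(normalize(req.headers)).get("x-variant");
  return variant ? `page variant: ${variant}` : "expected page";
}

// A script's fetch() with an extra header, then a navigation to the same URL.
function navigationAfterFetch(keyFn) {
  const cache = new ToyCache(keyFn);
  const url = "https://site.example/home"; // constructed sample URL
  cache.load({ url, headers: { "X-Variant": "attacker-chosen" } }, origin);
  return cache.load({ url, headers: {} }, origin); // what the user sees
}

console.log("URL-only key:    ", navigationAfterFetch(urlOnlyKey));
console.log("header-aware key:", navigationAfterFetch(headerAwareKey));
```
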
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | firefox | < 123.0+build3-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs38 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs68 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs78 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs91 | < any | UNKNOWN |
bugzilla.mozilla.org/show_bug.cgi?id=1816390
launchpad.net/bugs/cve/CVE-2024-1554
nvd.nist.gov/vuln/detail/CVE-2024-1554
security-tracker.debian.org/tracker/CVE-2024-1554
ubuntu.com/security/notices/USN-6649-1
www.cve.org/CVERecord?id=CVE-2024-1554
www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1554
www.mozilla.org/security/advisories/mfsa2024-05/