FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla firefox -- protocol information guessing

Affected packages
firefox < 127.0,2

Details

VuXML ID aa1c7af9-570e-11ef-a43e-b42e991fc52e
Discovery 2024-06-11
Entry 2024-08-10

security@mozilla.org reports:

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

References

CVE Name CVE-2024-5690
URL https://nvd.nist.gov/vuln/detail/CVE-2024-5690