CVE-2024-4765

{"id": "CVE-2024-4765", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-05-14T18:15:13.133", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871109", "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-21/", "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871109", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-21/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. \n*This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126."}, {"lang": "es", "value": "Los manifiestos de las aplicaciones web se almacenaban mediante un hash MD5 inseguro que permit\u00eda que una colisi\u00f3n de hash sobrescribiera el manifiesto de otra aplicaci\u00f3n. Esto podr\u00eda haberse aprovechado para ejecutar c\u00f3digo arbitrario en el contexto de otra aplicaci\u00f3n. *Este problema s\u00f3lo afecta a Firefox para Android. Otras versiones de Firefox no se ven afectadas.* Esta vulnerabilidad afecta a Firefox &lt; 126."}], "lastModified": "2024-11-21T09:43:33.460", "sourceIdentifier": "security@mozilla.org"}