CVE-2024-5689: Medium severity firefox vulnerability
Published Jun 11, 2024
·Updated
In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing.
Affected Software
3 affected componentsFixes available
debian/firefox
131.0.3-1
Mozilla Firefox<127
127
Mozilla Firefox<127.0
Event History
Jun 11, 2024
CVE Published
via Mozilla·12:00 AM
CVE Published
via MITRE·12:40 PM
Data Sourced
via MITRE·12:40 PM
DescriptionWeakness
Data Sourced
via NVD·01:15 PM
DescriptionSeverityAffected Software
Jul 3, 2024
Data Sourced
via Launchpad·08:12 AM
Description
Sep 17, 2024
Data Sourced
via Ubuntu·08:20 AM
RemedyDescriptionSeverityAffected Software
Peer vulnerabilities
Found alongside the following vulnerabilities.
Frequently Asked Questions
1
What is the severity of CVE-2024-5689?
CVE-2024-5689 is classified as a high severity vulnerability due to its potential for misuse in phishing attacks.
2
How do I fix CVE-2024-5689?
To fix CVE-2024-5689, upgrade to Mozilla Firefox version 131.0.3-1 or later.
3
Which versions of Firefox are affected by CVE-2024-5689?
CVE-2024-5689 affects Firefox versions prior to 127.
4
What kind of attack can CVE-2024-5689 enable?
CVE-2024-5689 can enable phishing attacks by overlaying a fake 'My Shots' button that mimics a legitimate Firefox feature.
5
Can CVE-2024-5689 be exploited on all platforms?
Yes, CVE-2024-5689 can potentially be exploited across all platforms that support affected versions of Firefox.