Security Vulnerabilities - CVEs Published In May 2024
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVSS Score
8.8
EPSS Score
0.005
Published
2024-05-14
A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126.
CVSS Score
8.6
EPSS Score
0.006
Published
2024-05-14
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context.
*This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
CVSS Score
8.1
EPSS Score
0.002
Published
2024-05-14
Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-05-14
If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVSS Score
4.3
EPSS Score
0.009
Published
2024-05-14
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVSS Score
8.8
EPSS Score
0.346
Published
2024-05-14
Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-05-14
A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests.
CVSS Score
8.8
EPSS Score
0.011
Published
2024-05-14
Microsoft Intune for Android Mobile Application Management Tampering Vulnerability
CVSS Score
6.1
EPSS Score
0.002
Published
2024-05-14
An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests.
CVSS Score
6.8
EPSS Score
0.005
Published
2024-05-14