CVE-2024-8897

Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1.

CVSS v3.0 6.1 MEDIUM

6.1^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1862537	Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2024-45/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

25 Sep 2024, 19:49

Type	Values Removed	Values Added
CPE		cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:o:google:android:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
CWE		CWE-601
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-45/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-45/ - Vendor Advisory
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1862537 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1862537 - Issue Tracking, Permissions Required
First Time		Google android Google Mozilla firefox Mozilla

17 Sep 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-17 13:15

Updated : 2025-03-19 16:15

NVD link : CVE-2024-8897

Mitre link : CVE-2024-8897

JSON object : View

Products Affected

mozilla

firefox

google

android

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

6.1 /10