Home > Vulnerability Database > CVE-2024-1554

Mend.io Vulnerability Database

CVE-2024-1554

Date: February 20, 2024

The "fetch()" API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers "fetch()" may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a "fetch()" response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response. This vulnerability affects Firefox < 123.

Language: C++

Severity Score

5.3

Related Resources (4)

Url: https://www.mozilla.org/security/advisories/mfsa2024-05/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-1554

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1816390

Url: https://www.mend.io/vulnerability-database/CVE-2024-1554

Severity Score

5.3

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-1554

Date: February 20, 2024

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?