An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.

Related CVEs

CVE-2024-29944

Key Information

GHSA ID

GHSA-cm37-53wc-mx6g

Published

March 22, 2024 3:31 PM

Last Modified

August 27, 2024 9:31 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.