CVERadar

CVE-2024-10941

Medium Severity
Mozilla
SVRS: 30/100
CVSSv3: 6.5/10
EPSS: 0.00063/1

CVE-2024-10941 describes a potential denial-of-service vulnerability in Firefox. A specially crafted website containing an iframe with a malformed URI could trigger a browser crash, though this is considered non-exploitable. The SOCRadar Vulnerability Risk Score (SVRS) for CVE-2024-10941 is 30, indicating a low level of immediate risk. While the CVSS score is moderate at 6.5, the low SVRS reflects the limited exploitability and impact reported by SOCRadar's threat intelligence: a crash can occur, but it does not allow arbitrary code execution or data compromise, so the risk is lower than the CVSS score alone would suggest. Users of Firefox versions older than 126 should still update to remove the possibility of a browser crash, although it is not considered a critical security concern. The vulnerability highlights the importance of robust URI parsing within browsers to prevent unexpected behavior.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2024-11-06

2025-02-10

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-10941 | Mozilla Firefox up to 125 iFrame denial of service
vuldb.com, 2025-02-11
A vulnerability was found in Mozilla Firefox up to 125. It has been rated as problematic. Affected by this issue is some unknown functionality of the component iFrame Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-10941. The attack may be launched remotely. There is

Social Media

CVE-2024-10941 Non-Exploitable Browser Crash via Malformed URI in Firefox < 126 An issue in Firefox versions before 126 can cause a browser crash if a malicious website includes an iframe with a malformed URI. Th... https://t.co/ftMsLTumGg

Affected Software

Configuration 1
Type | Vendor | Product
App | Mozilla | firefox

References

Reference | Link
[email protected] | https://bugzilla.mozilla.org/show_bug.cgi?id=1880879
[email protected] | https://bugzilla.mozilla.org/show_bug.cgi?id=1887614
[email protected] | https://www.mozilla.org/security/advisories/mfsa2024-21/
GITHUB | https://bugzilla.mozilla.org/show_bug.cgi?id=1880879

CWE Details

CWE ID | CWE Name | Description
CWE-86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages | The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.
