Incorrect Default Permissions

CVE-2024-7525

High

8.1/10

Summary

It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References

Advisory Timeline

Published Aug 06, 2024

Incorrect Default Permissions

CVE-2024-7525

Summary

CWE-276 - Incorrect Default Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS