Vulnerability CVE-2024-1554: Information
Description
The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a `fetch()` response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response. This vulnerability affects Firefox < 123.
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
firefox | sisyphus | 123.0-alt1 | 125.0.2-alt1 | ALT-PU-2024-2933-1 | 341362 | Fixed |
firefox | sisyphus_riscv64 | 123.0-alt0.port | 124.0.1-alt0.port | ALT-PU-2024-3300-1 | - | Fixed |
firefox | sisyphus_loongarch64 | 123.0-alt1.0.port | 125.0.2-alt1.0.port | ALT-PU-2024-3000-1 | - | Fixed |