CVE-2024-4765 Information

Description

Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application’s manifest. This could have been exploited to run arbitrary code in another application’s context. This issue only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 126.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1871109 https://www.mozilla.org/security/advisories/mfsa2024-21/