CVE-2024-1554

Reference Links

• https://bugzilla.mozilla.org/show_bug.cgi?id=1816390
• https://www.mozilla.org/security/advisories/mfsa2024-05/
• https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/
• https://launchpad.net/bugs/cve/CVE-2024-1554
• https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1554
• https://security-tracker.debian.org/tracker/CVE-2024-1554
• https://ubuntu.com/security/notices/USN-6649-1
• https://www.cve.org/CVERecord?id=CVE-2024-1554
• https://nvd.nist.gov/vuln/detail/CVE-2024-1554
• https://ubuntu.com/security/CVE-2024-1554

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2024-05

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2024-1546
• CVE-2024-1547
• CVE-2024-1554
• CVE-2024-1548
• CVE-2024-1549
• CVE-2024-1550
• CVE-2024-1551
• CVE-2024-1555
• CVE-2024-1556
• CVE-2024-1552
• CVE-2024-1553
• CVE-2024-1557

Frequently Asked Questions

• What is the severity of CVE-2024-1554?

  CVE-2024-1554 is rated as a medium severity vulnerability that affects the caching mechanism of the fetch API in Mozilla Firefox.

• How do I fix CVE-2024-1554?

  To remediate CVE-2024-1554, update Mozilla Firefox to version 123 or later, or update the debian/firefox package to version 135.0-1.

• Which versions of Firefox are affected by CVE-2024-1554?

  Mozilla Firefox versions up to 123 are affected by CVE-2024-1554.

• What can an attacker do with CVE-2024-1554?

  An attacker can potentially poison the local browser cache by manipulating the fetch API under certain conditions.

• Is CVE-2024-1554 relevant to Debian Firefox users?

  Yes, users of the debian/firefox package should update to version 135.0-1 to mitigate CVE-2024-1554.