{"id":"CVE-2024-2610","details":"Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.","modified":"2026-03-14T15:03:00.959724Z","published":"2024-03-19T12:15:08.957Z","related":["ALSA-2024:1484","ALSA-2024:1485","ALSA-2024:1493","ALSA-2024:1494","CGA-p3gq-p98f-42mh","MGASA-2024-0092","MGASA-2024-0094","SUSE-SU-2024:0971-1","SUSE-SU-2024:1002-1","SUSE-SU-2024:1147-1","openSUSE-SU-2024:13789-1","openSUSE-SU-2024:13795-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-12/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-13/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-14/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1871112"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2610.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"115.9.0"}]},{"events":[{"introduced":"0"},{"fixed":"124.0"}]},{"events":[{"introduced":"0"},{"fixed":"115.9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}