{"id":"CVE-2024-4767","details":"If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox \u003c 126, Firefox ESR \u003c 115.11, and Thunderbird \u003c 115.11.","modified":"2026-04-16T04:37:46.909598623Z","published":"2024-05-14T18:15:13.683Z","related":["ALSA-2024:2883","ALSA-2024:2888","ALSA-2024:3783","ALSA-2024:3784","CGA-9hg3-jpcw-468r","SUSE-SU-2024:1676-1","SUSE-SU-2024:1770-1","SUSE-SU-2024:1858-1","openSUSE-SU-2024:13980-1","openSUSE-SU-2024:13981-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-21/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-22/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-23/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1878577"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4767.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"115.11.0"}]},{"events":[{"introduced":"0"},{"fixed":"126.0"}]},{"events":[{"introduced":"0"},{"fixed":"115.11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}]}