30/07/2025

ZDI-25-708: Mozilla Firefox Web Page Download Mark-Of-The-Web Protection Mechanism Failure Vulnerability

This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-3863.

You may also like

ZDI-25-639: (0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-25-844: Microsoft Windows Subsystem for Linux WslCoreVm::Initialize Incorrect Privilege Management Information Disclosure Vulnerability