Home > Vulnerability Database > CVE-2024-47884

Mend.io Vulnerability Database

CVE-2024-47884

Good to know:

Date: October 11, 2024

foxmarks is a CLI read-only interface for Firefox's bookmarks and history. A temporary file was created under the /tmp directory with read permissions for all users containing a copy of Firefox's database of bookmarks, history, input history, visits counter, use counter, view counter and more confidential information about the history of using Firefox. Permissions default to 0o600 for NamedTempFile. However, after copying the database, its permissions were copied with it resulting in an insecure file with 0x644 permissions. A malicious user is able to read the database when the targeted user executes foxmarks bookmarks or foxmarks history. This vulnerability is patched in v2.1.0.

Severity Score

5.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47884

Url: https://github.com/zefr0x/foxmarks/security/advisories/GHSA-8rh2-6pwm-5vvq

Url: https://github.com/zefr0x/foxmarks/commit/c3706bd882b3d61b353e4193f7d2dcfabd0c9a8e

Url: https://www.mend.io/vulnerability-database/CVE-2024-47884

Severity Score

5.5

Weakness Type (CWE)

Creation of Temporary File With Insecure Permissions

CWE-378

Top Fix

Upgrade Version

Upgrade to version v2.1.0

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47884

Good to know:

Date: October 11, 2024

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?