CVE-2024-1554

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to poison browser caches by using fetch() API requests with specific headers, causing subsequent navigations to the same URL to serve malicious cached content instead of legitimate responses. It affects Firefox users on versions below 123, potentially leading to phishing, malware delivery, or content manipulation.

💻 Affected Systems

Products:
  • Mozilla Firefox
Versions: All versions < 123
Operating Systems: Windows, macOS, Linux, Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Firefox installations below version 123 are vulnerable by default. No special configuration required.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could serve malicious content (phishing pages, malware) to users who believe they are visiting legitimate sites, leading to credential theft, system compromise, or financial fraud.

🟠

Likely Case

Targeted phishing attacks where users are tricked into entering credentials on spoofed login pages that appear to be legitimate sites they previously visited.

🟢

If Mitigated

Users would see legitimate content as intended, with no cache poisoning or content manipulation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires specific conditions where attackers can control fetch() requests and users navigate to the same URLs. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 123

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-05/

Restart Required: Yes

Instructions:

1. Open Firefox.
2. Click the menu button (three horizontal lines).
3. Select Help > About Firefox.
4. Firefox will automatically check for updates and install Firefox 123.
5. Restart Firefox when prompted.

🔧 Temporary Workarounds

Disable browser cache

all

Prevents cache poisoning by disabling browser caching entirely, though this will impact performance.

about:config > browser.cache.disk.enable = false
about:config > browser.cache.memory.enable = false

Use private browsing mode

all

Private/incognito sessions don't persist cache between sessions, preventing cache poisoning attacks.

Ctrl+Shift+P (Windows/Linux) or Cmd+Shift+P (macOS)

🧯 If You Can't Patch

  • Use alternative browsers (Chrome, Edge, Safari) that are not affected by this specific vulnerability.
  • Implement strict network filtering and monitoring for suspicious fetch() requests to potentially malicious domains.

🔍 How to Verify

Check if Vulnerable:

Check Firefox version: Open Firefox > Menu > Help > About Firefox. If version is below 123, the system is vulnerable.

Check Version:

firefox --version

Verify Fix Applied:

After updating, verify Firefox version is 123 or higher using the same steps.
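
The version check above, scripted for an inventory of hosts. This is an added example, not part of the vendor advisory; the `hostname|output` input format, the function names and the sample hosts are assumptions. It applies only this page's "below 123" rule, so ESR builds are judged by the same major number.

```shell
#!/bin/sh
# Classify `firefox --version` output against the fixed release
# stated on this page (Firefox 123).
FIXED_MAJOR=123

# firefox_major "<version output>" -> prints the major version number,
# or returns 1 if the text does not look like Firefox version output.
firefox_major() {
    case "$1" in
        "Mozilla Firefox "[0-9]*) ;;
        *) return 1 ;;
    esac
    rest=${1#Mozilla Firefox }
    # Keep only the leading digits ("122.0.1" -> "122", "124.0b3" -> "124").
    major=${rest%%[!0-9]*}
    printf '%s\n' "$major"
}

# classify_firefox "<version output>" -> VULNERABLE, PATCHED or UNKNOWN.
# UNKNOWN covers missing binaries and unexpected output, which need a
# manual look rather than a silent pass.
classify_firefox() {
    major=$(firefox_major "$1") || { echo UNKNOWN; return 0; }
    if [ "$major" -lt "$FIXED_MAJOR" ]; then
        echo VULNERABLE
    else
        echo PATCHED
    fi
}

# audit_inventory: reads "hostname|<firefox --version output>" lines on
# stdin and prints "hostname STATUS" for each.
audit_inventory() {
    while IFS='|' read -r host out; do
        [ -n "$host" ] || continue
        printf '%s %s\n' "$host" "$(classify_firefox "$out")"
    done
}

# Constructed sample inventory (hostnames and versions are made up).
sample_inventory() {
    cat <<'EOF'
ws-01|Mozilla Firefox 122.0.1
ws-02|Mozilla Firefox 123.0
ws-03|Mozilla Firefox 124.0b3
ws-04|bash: firefox: command not found
EOF
}

sample_inventory | audit_inventory
```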

📡 Detection & Monitoring

Log Indicators:

  • Unusual fetch() requests with custom headers to the same URLs users frequently visit
  • Multiple cache hits for URLs that should have unique responses

Network Indicators:

  • HTTP requests with unusual header patterns from browser clients
  • Repeated requests to the same URL with varying headers

SIEM Query:

source="firefox_logs" AND ((event="fetch_request" AND header_count > normal_baseline) OR (event="cache_hit" AND url IN sensitive_sites))
