CVE-2024-4772

5.9 MEDIUM

📋 TL;DR

CVE-2024-4772 is a vulnerability in Firefox where HTTP digest authentication nonce values were generated using the predictable rand() function instead of cryptographically secure random number generation. This could allow attackers to predict authentication nonces and potentially bypass authentication. The vulnerability affects Firefox versions before 126.
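To make the TL;DR concrete, here is an added example (not Firefox's own code) contrasting a Digest nonce built from rand() with one drawn from the operating system's CSPRNG; the two generator functions are hypothetical and assume a POSIX system with /dev/urandom.

```c
/* Added example: weak vs. hardened nonce generation for HTTP Digest auth.
 * Both generators are hypothetical and assume POSIX /dev/urandom. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define NONCE_BYTES 16
#define NONCE_HEX   (NONCE_BYTES * 2 + 1)

static void to_hex(const uint8_t *in, size_t n, char *out) {
    for (size_t i = 0; i < n; i++) sprintf(out + 2 * i, "%02x", in[i]);
    out[2 * n] = '\0';
}

/* Weak: rand() is a small-state PRNG; anyone who can guess the seed
 * reproduces the entire nonce sequence, so the nonce is predictable. */
void weak_cnonce(unsigned seed, char out[NONCE_HEX]) {
    uint8_t buf[NONCE_BYTES];
    srand(seed);
    for (size_t i = 0; i < NONCE_BYTES; i++) buf[i] = (uint8_t)(rand() & 0xff);
    to_hex(buf, NONCE_BYTES, out);
}

/* Hardened: take the bytes from the kernel CSPRNG. Returns 0 on success,
 * -1 if the device cannot be opened or yields too few bytes (fail closed). */
int secure_cnonce(char out[NONCE_HEX]) {
    uint8_t buf[NONCE_BYTES];
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, NONCE_BYTES, f);
    fclose(f);
    if (got != NONCE_BYTES) return -1;
    to_hex(buf, NONCE_BYTES, out);
    return 0;
}

/* Returns 1 when two nonces are identical, i.e. the generator repeated. */
int nonces_equal(const char *a, const char *b) { return strcmp(a, b) == 0; }

int main(void) {
    char a[NONCE_HEX], b[NONCE_HEX], c[NONCE_HEX], d[NONCE_HEX];
    weak_cnonce(1234, a);
    weak_cnonce(1234, b);   /* same seed -> identical nonce */
    printf("weak   : %s\n         %s  (equal=%d)\n", a, b, nonces_equal(a, b));
    if (secure_cnonce(c) == 0 && secure_cnonce(d) == 0)
        printf("secure : %s\n         %s  (equal=%d)\n", c, d, nonces_equal(c, d));
    return 0;
}
```

Running it shows the rand()-based nonces collide whenever the seed repeats, while the CSPRNG-based ones do not.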

💻 Affected Systems

Products:
  • Mozilla Firefox
Versions: All versions < 126
Operating Systems: Windows, macOS, Linux, Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using HTTP digest authentication. Most modern web applications use more secure authentication methods.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could predict authentication nonces to bypass HTTP digest authentication, potentially gaining unauthorized access to protected resources or performing session hijacking.

🟠 Likely Case

Limited authentication bypass in specific scenarios where HTTP digest authentication is used, requiring attacker proximity and timing.

🟢 If Mitigated

Minimal impact if systems use stronger authentication methods or have network segmentation limiting attack surface.

🌐 Internet-Facing: MEDIUM - HTTP digest authentication is less common than other methods, but internet-facing systems using it could be vulnerable.
🏢 Internal Only: LOW - Internal systems using HTTP digest authentication could be targeted, but attack requires specific conditions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires predicting nonce values and timing attacks against HTTP digest authentication, which is less commonly used than other authentication methods.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 126 and later

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-21/

Restart Required: Yes

Instructions:

1. Open Firefox.
2. Click menu > Help > About Firefox.
3. Firefox will check for updates and install Firefox 126 or later.
4. Restart Firefox when prompted.

🔧 Temporary Workarounds

Disable HTTP Digest Authentication

Platforms: all

Configure web servers to use more secure authentication methods like OAuth, SAML, or certificate-based authentication instead of HTTP digest authentication.

Use Alternative Browser

Platforms: all

Temporarily use a different browser that is not affected by this vulnerability until Firefox can be updated.

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems using HTTP digest authentication
  • Enable additional authentication factors for systems using HTTP digest authentication

🔍 How to Verify

Check if Vulnerable:

Check Firefox version:
1. Open Firefox.
2. Click menu > Help > About Firefox.
3. If the version is less than 126, the system is vulnerable.

Check Version:

firefox --version

Verify Fix Applied:

After updating, verify Firefox version is 126 or higher using the same steps.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed HTTP digest authentication attempts from same source
  • Successful authentication with unusual timing patterns

Network Indicators:

  • HTTP traffic with digest authentication headers showing predictable nonce patterns

SIEM Query:

source="firefox.log" AND (event="authentication_failure" OR event="authentication_success") AND auth_method="digest"

🔗 References