CVE-2024-4773

7.5 HIGH

📋 TL;DR

This vulnerability in Firefox allows attackers to spoof websites by exploiting a network error during page loading. When a network error occurs, previous page content remains visible while the URL bar shows blank, enabling URL obfuscation attacks. This affects all Firefox users running versions below 126.

💻 Affected Systems

Products:
  • Mozilla Firefox
Versions: All versions below 126
Operating Systems: Windows, macOS, Linux, Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard Firefox installations are vulnerable. No special configuration is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Users could be tricked into entering sensitive information on spoofed banking, login, or payment pages that appear legitimate because the URL bar shows blank instead of the actual malicious URL.

🟠 Likely Case

Phishing attacks in which attackers create convincing fake websites that appear to have legitimate URLs because of the blank URL bar, increasing the success rate of credential theft.

🟢 If Mitigated

With proper user awareness training and multi-factor authentication, the impact is reduced to minor inconvenience or failed phishing attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (visiting a malicious site), but the attack itself is simple to carry out once the vulnerability is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 126 and later

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-21/

Restart Required: Yes

Instructions:

1. Open Firefox.
2. Click the menu button (three horizontal lines).
3. Select Help > About Firefox.
4. Firefox will automatically check for updates and install Firefox 126 or later.
5. Restart Firefox when prompted.

🔧 Temporary Workarounds

Disable JavaScript
Applies to: all platforms
Effect: Prevents the network error condition from being triggered maliciously
Where: about:config
Setting: Set javascript.enabled to false

Use Enhanced Tracking Protection Strict Mode
Applies to: all platforms
Effect: Blocks more trackers and potentially malicious scripts
Where: Settings > Privacy & Security > Enhanced Tracking Protection > Strict

🧯 If You Can't Patch

  • Use alternative browsers like Chrome, Edge, or Safari until Firefox can be updated
  • Implement web filtering to block known malicious domains and phishing sites

🔍 How to Verify

Check if Vulnerable:

Check the Firefox version in the About Firefox dialog. If the version is below 126, the installation is vulnerable.

Check Version:

firefox --version

Verify Fix Applied:

After updating, verify that the Firefox version shown in the About Firefox dialog is 126 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed network requests followed by successful page loads with similar content
  • User reports of blank URL bars on legitimate-looking sites

Network Indicators:

  • HTTP 4xx/5xx errors followed by successful connections to different domains
  • Unusual redirect patterns

SIEM Query:

source="firefox.log" AND ("network error" OR "failed to load") AND "blank url"
