Description
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions.
Below is a complete list of vulnerabilities:
- Use after free vulnerability in Parcel Tracking can be exploited to cause denial of service or execute arbitrary code.
- Use after free vulnerability in Web Authentication can be exploited to cause denial of service or execute arbitrary code.
- Insufficient data validation vulnerability in Downloads can be exploited to bypass security restrictions.
- A spoofing vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to spoof user interface.
- Use after free vulnerability in Dawn can be exploited to cause denial of service or execute arbitrary code.
- Use after free vulnerability in DevTools can be exploited to cause denial of service or execute arbitrary code.
- A remote code execution vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to execute arbitrary code.
- Inappropriate implementation vulnerability in Web Authentication can be exploited to cause denial of service.
- Inappropriate implementation vulnerability in PictureInPicture can be exploited to cause denial of service.
- Inappropriate implementation vulnerability in Navigations can be exploited to cause denial of service.
- Inappropriate implementation vulnerability in Payments can be exploited to cause denial of service.
- Use after free vulnerability in AI can be exploited to cause denial of service or execute arbitrary code.
- Insufficient data validation vulnerability in DevTools can be exploited to bypass security restrictions.
- Inappropriate implementation vulnerability in Permissions can be exploited to cause denial of service.
- Use after free vulnerability in UI can be exploited to cause denial of service or execute arbitrary code.
Original advisories
- CVE-2024-9955
- CVE-2024-9963
- CVE-2024-43577
- CVE-2024-43580
- CVE-2024-9960
- CVE-2024-9959
- CVE-2024-43578
- CVE-2024-43587
- CVE-2024-9956
- CVE-2024-9958
- CVE-2024-43596
- CVE-2024-9966
- CVE-2024-9964
- CVE-2024-9954
- CVE-2024-9965
- CVE-2024-43566
- CVE-2024-49023
- CVE-2024-43579
- CVE-2024-9962
- CVE-2024-43595
- CVE-2024-9957
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
- CVE-2024-9956 warning
- CVE-2024-9959 warning
- CVE-2024-9954 critical
- CVE-2024-9955 warning
- CVE-2024-9958 warning
- CVE-2024-9962 warning
- CVE-2024-9966 high
- CVE-2024-9965 critical
- CVE-2024-9957 warning
- CVE-2024-9964 warning
- CVE-2024-9961 warning
- CVE-2024-9963 warning
- CVE-2024-9960 warning
- CVE-2024-43577 warning
- CVE-2024-43580 high
- CVE-2024-43578 critical
- CVE-2024-43587 critical
- CVE-2024-43596 critical
- CVE-2024-43566 critical
- CVE-2024-49023 high
- CVE-2024-43579 critical
- CVE-2024-43595 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!