How severe is CVE-2024-47884?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-47884?

This is classified as CWE-378, which is a common weakness in software security.

CVE-2024-47884 - MEDIUM Severity | CVSS N/A

Vulnerability Description

foxmarks is a CLI read-only interface for Firefox's bookmarks and history. A temporary file was created under the /tmp directory with read permissions for all users containing a copy of Firefox's database of bookmarks, history, input history, visits counter, use counter, view counter and more confidential information about the history of using Firefox. Permissions default to 0o600 for NamedTempFile. However, after copying the database, its permissions were copied with it resulting in an insecure file with 0x644 permissions. A malicious user is able to read the database when the targeted user executes foxmarks bookmarks or foxmarks history. This vulnerability is patched in v2.1.0.

Related Vulnerabilities

CVE-2024-39872

CRITICAL

CVSS:9.9(Critical)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update pro...

CWE-3782024

CVE-2025-27148

HIGH

CVSS:8.8(High)

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that a...

CWE-3782025

CVE-2025-32438

HIGH

CVSS:8.8(High)

make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able...

CWE-3782025

CVE-2016-9485

HIGH

CVSS:7.8(High)

On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration i...

CWE-3782016

CVE-2021-1426

HIGH

CVSS:7.8(High)

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executabl...

CWE-3782021

CVE-2021-1427

HIGH

CVSS:7.8(High)

CWE-3782021