CVE-2024-1554 Overview
CVE-2024-1554 is a cache poisoning vulnerability affecting Mozilla Firefox where the fetch() API and navigation incorrectly shared the same cache. The cache key did not include the optional headers that fetch() may contain, creating a security flaw that could allow attackers to poison the local browser cache. Under the correct circumstances, an attacker could prime the cache with a fetch() response controlled by additional headers. Upon navigation to the same URL, users would see the cached response instead of the expected response, potentially leading to content spoofing and other malicious outcomes.
Critical Impact
Attackers can poison the browser cache by exploiting the shared cache mechanism between fetch() API and navigation, potentially serving malicious content to users visiting legitimate URLs.
Affected Products
- Mozilla Firefox versions prior to 123
- Mozilla Firefox (all platforms)
- Mozilla Firefox standard release channel
Discovery Timeline
- 2024-02-20 - CVE CVE-2024-1554 published to NVD
- 2025-04-02 - Last updated in NVD database
Technical Details for CVE-2024-1554
Vulnerability Analysis
This vulnerability is classified under CWE-345 (Insufficient Verification of Data Authenticity) and stems from an improper implementation of the browser's caching mechanism. The core issue lies in how Firefox handles cache keys for resources requested via the fetch() API compared to standard navigation requests.
When a web page uses the fetch() API with optional headers, these headers can influence the response content. However, Firefox's caching implementation failed to incorporate these optional headers into the cache key generation process. This creates a scenario where a response fetched with specific headers gets cached under a URL-only key, making it retrievable during subsequent navigation requests to the same URL—even though those navigation requests would not include the same headers.
The vulnerability enables a sophisticated cache poisoning attack where an attacker can inject malicious content into the browser's local cache that will be served to users during normal browsing activities.
Root Cause
The root cause of CVE-2024-1554 is the incomplete cache key derivation in Firefox's networking stack. The cache key for fetch() requests did not account for optional HTTP headers that could alter the server's response. This violated the principle that semantically different requests should have distinct cache entries.
When the browser generates a cache key, it must consider all factors that could affect the response. By omitting optional headers from the key calculation, Firefox created a collision scenario where responses tied to specific header configurations could be returned for requests that did not include those headers.
Attack Vector
The attack exploits the network-accessible browser caching mechanism. An attacker could execute this attack through the following general approach:
- The attacker hosts a malicious page or compromises a legitimate website
- The malicious page issues a fetch() request to a target URL with specific optional headers that cause the server to return attacker-controlled content
- The browser caches this response under a key based solely on the URL
- When the victim later navigates to the same URL through normal means (clicking a link, typing in the address bar), the browser serves the poisoned cached response instead of fetching fresh content
- The victim sees attacker-controlled content while believing they are viewing legitimate content from the target site
This attack does not require user interaction beyond normal browsing behavior after the initial cache poisoning. The vulnerability is particularly concerning because it undermines users' trust in URL-based content authenticity. For technical implementation details, refer to the Mozilla Bug Report #1816390.
Detection Methods for CVE-2024-1554
Indicators of Compromise
- Unexpected or modified content appearing on previously visited websites
- Browser cache entries showing responses that don't match expected server behavior
- User reports of seeing different content than expected when navigating to familiar URLs
- Evidence of malicious JavaScript executing in contexts where it shouldn't have access
Detection Strategies
- Monitor browser version deployments across the organization to identify instances of Firefox versions below 123
- Implement network monitoring to detect unusual fetch() requests with suspicious header combinations
- Review web application logs for anomalous request patterns that may indicate cache poisoning attempts
- Deploy endpoint detection solutions to identify exploitation behavior patterns
Monitoring Recommendations
- Establish baseline metrics for Firefox version distribution in your environment
- Configure SentinelOne agents to alert on vulnerable Firefox installations
- Monitor for unexpected content modifications in browser cache directories
- Track browser-related security events that may indicate cache manipulation attempts
How to Mitigate CVE-2024-1554
Immediate Actions Required
- Update all Mozilla Firefox installations to version 123 or later immediately
- Enforce browser update policies through enterprise management tools
- Clear browser caches on affected systems to remove potentially poisoned entries
- Review and restrict access to potentially malicious websites during the update period
Patch Information
Mozilla has addressed this vulnerability in Firefox version 123. The fix ensures that optional headers included in fetch() requests are properly incorporated into the cache key generation, preventing the cache collision that enabled this attack. Organizations should prioritize deploying this update across all managed endpoints.
For detailed patch information, consult the Mozilla Security Advisory MFSA-2024-05.
Workarounds
- Disable browser caching temporarily through Firefox configuration settings as an interim measure
- Configure enterprise proxy servers to add Cache-Control: no-store headers for sensitive resources
- Educate users to manually clear browser cache if they suspect content integrity issues
- Consider network-level content integrity verification for critical applications
# Firefox configuration to disable caching (about:config)
# Set the following preference:
browser.cache.disk.enable = false
browser.cache.memory.enable = false
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
