CVE-2024-6612 is a vulnerability identified in Mozilla Firefox and Thunderbird prior to version 128, related to the handling of Content Security Policy (CSP) violations within the browser's developer tools console. When a CSP violation occurs, the console tab generates links pointing to the violating resource. These links cause the browser to perform DNS prefetching on the resource's domain, which inadvertently leaks the occurrence of a CSP violation to any network observer monitoring DNS queries. This side-channel information leak is classified under CWE-200 (Information Exposure). The vulnerability does not require any privileges or user interaction to be exploited, as it is triggered by normal browser behavior when rendering CSP violation reports. The impact is limited to confidentiality, as it can reveal that a CSP violation happened, potentially exposing browsing or security policy enforcement details. The CVSS v3.1 base score is 5.3 (medium severity), reflecting network attack vector, low complexity, no privileges required, no user interaction, and limited confidentiality impact. No known exploits have been reported in the wild at the time of publication. The vulnerability affects all Firefox and Thunderbird versions prior to 128, though exact affected versions are unspecified. The root cause is the automatic DNS prefetching triggered by console links generated for CSP violations, which should not leak such information. This issue is expected to be addressed in upcoming browser updates by disabling or modifying this behavior.

For European organizations, the primary impact of CVE-2024-6612 is the potential leakage of sensitive browsing information through DNS prefetch requests triggered by CSP violation console links. This could allow network adversaries, including malicious insiders or state-level actors, to infer the occurrence of CSP violations, which might reveal attempts to block or restrict certain web content or scripts. Such information leakage can undermine privacy and confidentiality, particularly for organizations handling sensitive or regulated data such as financial institutions, healthcare providers, and government agencies. While the vulnerability does not allow code execution or service disruption, the exposure of CSP violation events could aid attackers in reconnaissance or in crafting targeted attacks. Given the widespread use of Firefox and Thunderbird in Europe, especially in privacy-conscious countries, this vulnerability poses a moderate risk. However, the lack of known exploits and the requirement that the victim must visit or interact with content causing CSP violations somewhat limits the scope of impact. Organizations relying on Firefox or Thunderbird for secure communications or web access should consider this vulnerability in their risk assessments.

To mitigate CVE-2024-6612, European organizations should prioritize updating Mozilla Firefox and Thunderbird to version 128 or later once the patches are released, as this will directly address the DNS prefetch leakage issue. Until updates are available, organizations can reduce risk by disabling DNS prefetching in Firefox and Thunderbird settings (e.g., setting 'network.dns.disablePrefetch' to true in about:config) to prevent automatic DNS queries triggered by console links. Additionally, restricting access to developer tools or limiting the use of developer consoles in managed environments can reduce exposure. Network-level monitoring and filtering of suspicious DNS queries related to CSP violation domains may help detect or block potential information leaks. Security teams should also educate users about the risks of visiting untrusted websites that may cause CSP violations and monitor browser update advisories from Mozilla. Incorporating CSP violation monitoring and logging at the web application level can help detect attempts to bypass security policies without relying solely on browser console data.