CVE-2024-10458Improper Preservation of Permissions in Mozilla Firefox

CWE-281Improper Preservation of PermissionsCWE-280Improper Handling of Insufficient Permissions or Privileges13 documents8 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 36.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedOct 29
Latest updateOct 31

Description

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

CVEListV5mozilla/firefoxunspecified132
NVDmozilla/firefox116.0128.4.0+2
CVEListV5mozilla/firefox_esrunspecified128.4+1
Ubuntumozilla/firefox< 132.0+build1-0ubuntu0.20.04.1
CVEListV5mozilla/thunderbirdunspecified128.4+1

🔴Vulnerability Details

4
OSV
firefox vulnerabilities2024-10-31
CVEList
CVE-2024-10458: A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements2024-10-29
GHSA
GHSA-87x3-r6f2-m885: A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements2024-10-29
OSV
CVE-2024-10458: A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements2024-10-29

📋Vendor Advisories

8
Ubuntu
Firefox vulnerabilities2024-10-31
Red Hat
firefox: thunderbird: Permission leak via embed or object elements2024-10-29
Debian
CVE-2024-10458: firefox - A permission leak could have occurred from a trusted site to an untrusted site v...2024
Mozilla
Mozilla Foundation Security Advisory 2024-58: CVE-2024-10458
Mozilla
Mozilla Foundation Security Advisory 2024-55: CVE-2024-10458
CVE-2024-10458 — Improper Preservation of Permissions | cvebase