CVE-2024-10458
Published 2024-10-29
High · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 132.0-1 (sid) | firefox 132.0-1 (sid) |
| debian | firefox-esr | < firefox 132.0-1 (sid) | firefox 132.0-1 (sid) |
| debian | thunderbird | < firefox 132.0-1 (sid) | firefox 132.0-1 (sid) |
| mozilla | firefox | < 115.17 | 115.17 |
| mozilla | firefox | < 132.0 | 132.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 132.0+build1-0ubuntu0.20.04.1 | 132.0+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 116.0 < 128.4.0 | 128.4.0 |
| mozilla | firefox | >= unspecified < 132 | 132 |
| mozilla | firefox_esr | >= unspecified < 128.4 | 128.4 |
| mozilla | firefox_esr | >= unspecified < 115.17 | 115.17 |
| mozilla | thunderbird | < 128.4.0 | 128.4.0 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1~deb11u1 | 1:128.4.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1~deb12u1 | 1:128.4.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1 | 1:128.4.0esr-1 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1 | 1:128.4.0esr-1 |
| mozilla | thunderbird | >= 129.0 < 132.0 | 132.0 |
| mozilla | thunderbird | >= unspecified < 128.4 | 128.4 |
| mozilla | thunderbird | >= unspecified < 132 | 132 |
CVSS provenance
nvd·v3.1·7.5 HIGH·CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv·7.5 HIGH
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-10-31·CVSS 7.5
CVE-2024-10459 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-10458,
CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,
CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,
CVE-2024-10467, CVE-2024-10468)
Instructions: After a standard system update you need to restart Firefox to make all the
necessary changes.
Red Hat
firefox: thunderbird: Permission leak via embed or object elements
vendor_redhat·2024-10-29·CVSS 7.5
CVE-2024-10458 [HIGH] CWE-280 firefox: thunderbird: Permission leak via embed or object elements
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
The Mozilla Foundation's Security Advisory: A permission leak could occur from a trusted site to an untrusted site via `embed` or `object` elements.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 7) - Out of support
Debian
CVE-2024-10458: firefox - A permission leak could have occurred from a trusted site to an untrusted site v...
vendor_debian·2024·CVSS 7.5
CVE-2024-10458 [HIGH] CVE-2024-10458: firefox - A permission leak could have occurred from a trusted site to an untrusted site v...
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Scope: local
sid: resolved (fixed in 132.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-58: CVE-2024-10458
vendor_mozilla·CVSS 7.5
CVE-2024-10458 [HIGH] Mozilla Foundation Security Advisory 2024-58: CVE-2024-10458
Mozilla Foundation Security Advisory 2024-58
CVE: CVE-2024-10458
Product: Thunderbird
Impact: moderate
Fixed in: Thunderbird 128.4
Mozilla
Mozilla Foundation Security Advisory 2024-55: CVE-2024-10458
vendor_mozilla·CVSS 7.5
CVE-2024-10458 [HIGH] Mozilla Foundation Security Advisory 2024-55: CVE-2024-10458
Mozilla Foundation Security Advisory 2024-55
CVE: CVE-2024-10458
Product: Firefox
Impact: moderate
Fixed in: Firefox 132
Mozilla
Mozilla Foundation Security Advisory 2024-59: CVE-2024-10458
vendor_mozilla·CVSS 7.5
CVE-2024-10458 [HIGH] Mozilla Foundation Security Advisory 2024-59: CVE-2024-10458
Mozilla Foundation Security Advisory 2024-59
CVE: CVE-2024-10458
Product: Thunderbird
Impact: moderate
Fixed in: Thunderbird 132
Mozilla
Mozilla Foundation Security Advisory 2024-57: CVE-2024-10458
vendor_mozilla·CVSS 7.5
CVE-2024-10458 [HIGH] Mozilla Foundation Security Advisory 2024-57: CVE-2024-10458
Mozilla Foundation Security Advisory 2024-57
CVE: CVE-2024-10458
Product: Firefox ESR
Impact: moderate
Fixed in: Firefox ESR 115.17
Mozilla
Mozilla Foundation Security Advisory 2024-56: CVE-2024-10458
vendor_mozilla·CVSS 7.5
CVE-2024-10458 [HIGH] Mozilla Foundation Security Advisory 2024-56: CVE-2024-10458
Mozilla Foundation Security Advisory 2024-56
CVE: CVE-2024-10458
Product: Firefox ESR
Impact: moderate
Fixed in: Firefox ESR 128.4
OSV
firefox vulnerabilities
osv·2024-10-31·CVSS 7.5
CVE-2024-10458 [HIGH] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-10458,
CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,
CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,
CVE-2024-10467, CVE-2024-10468)
GHSA
GHSA-87x3-r6f2-m885: A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements
ghsa_unreviewed·2024-10-29
CVE-2024-10458 [HIGH] CWE-281 GHSA-87x3-r6f2-m885: A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
OSV
CVE-2024-10458: A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements
osv·2024-10-29·CVSS 7.5
CVE-2024-10458 [HIGH] CVE-2024-10458: A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1921733
https://www.mozilla.org/security/advisories/mfsa2024-55/
https://www.mozilla.org/security/advisories/mfsa2024-56/
https://www.mozilla.org/security/advisories/mfsa2024-57/
https://www.mozilla.org/security/advisories/mfsa2024-58/
https://www.mozilla.org/security/advisories/mfsa2024-59/
https://lists.debian.org/debian-lts-announce/2024/10/msg00034.html
https://lists.debian.org/debian-lts-announce/2024/11/msg00001.html