CVE-2024-10460: Origin Validation Error in Mozilla Firefox

Severity
NVD: 5.3 MEDIUM
OSV: 7.5
EPSS: 0.4% (top 38.07%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 29
Latest update: Feb 2

Description

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (7 packages)

CVEListV5 | mozilla/firefox | unspecified | 132
NVD | mozilla/firefox | < 128.4.0 | +1
CVEListV5 | mozilla/firefox_esr | unspecified | 128.4
CVEListV5 | mozilla/thunderbird | unspecified | 128.4 | +1
NVD | mozilla/thunderbird | 129 | 132 | +1

🔴 Vulnerability Details (4)

OSV: firefox vulnerabilities (2024-10-31)
GHSA: GHSA-jv24-5j5x-m8w6: The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe` (2024-10-29)
CVEList: CVE-2024-10460: The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe` (2024-10-29)
OSV: CVE-2024-10460: The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe` (2024-10-29)

📋 Vendor Advisories (8)

Ubuntu: Thunderbird vulnerabilities (2026-02-02)
Ubuntu: Firefox vulnerabilities (2024-10-31)
Red Hat: firefox: thunderbird: Confusing display of origin for external protocol handler prompt (2024-10-29)
Debian: CVE-2024-10460: firefox - The origin of an external protocol handler prompt could have been obscured using... (2024)
Mozilla: Mozilla Foundation Security Advisory 2024-58: CVE-2024-10460