CVE-2024-10462Authentication Bypass by Spoofing in Mozilla Firefox

CWE-290Authentication Bypass by SpoofingCWE-280Improper Handling of Insufficient Permissions or Privileges13 documents8 sources
Severity
6.5MEDIUMNVD
OSV7.5
EPSS
0.5%
top 33.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedOct 29
Latest updateFeb 2

Description

Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

CVEListV5mozilla/firefoxunspecified132
NVDmozilla/firefox< 128.4.0+1
CVEListV5mozilla/firefox_esrunspecified128.4
CVEListV5mozilla/thunderbirdunspecified128.4+1
NVDmozilla/thunderbird129.0132.0+1

🔴Vulnerability Details

4
OSV
firefox vulnerabilities2024-10-31
CVEList
CVE-2024-10462: Truncation of a long URL could have allowed origin spoofing in a permission prompt2024-10-29
GHSA
GHSA-6rc3-wcpj-59ch: Truncation of a long URL could have allowed origin spoofing in a permission prompt2024-10-29
OSV
CVE-2024-10462: Truncation of a long URL could have allowed origin spoofing in a permission prompt2024-10-29

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2026-02-02
Ubuntu
Firefox vulnerabilities2024-10-31
Red Hat
firefox: thunderbird: Origin of permission prompt could be spoofed by long URL2024-10-29
Debian
CVE-2024-10462: firefox - Truncation of a long URL could have allowed origin spoofing in a permission prom...2024
Mozilla
Mozilla Foundation Security Advisory 2024-55: CVE-2024-10462
CVE-2024-10462 — Authentication Bypass by Spoofing | cvebase