CVE-2024-10462
Published 2024-10-29
medium · 6.5 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 132.0-1 (sid) | firefox 132.0-1 (sid) |
| debian | firefox-esr | < firefox 132.0-1 (sid) | firefox 132.0-1 (sid) |
| debian | thunderbird | < firefox 132.0-1 (sid) | firefox 132.0-1 (sid) |
| mozilla | firefox | < 128.4.0 | 128.4.0 |
| mozilla | firefox | < 132.0 | 132.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 132.0+build1-0ubuntu0.20.04.1 | 132.0+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 132 | 132 |
| mozilla | firefox_esr | >= unspecified < 128.4 | 128.4 |
| mozilla | thunderbird | < 128.4.0 | 128.4.0 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1~deb11u1 | 1:128.4.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1~deb12u1 | 1:128.4.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1 | 1:128.4.0esr-1 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1 | 1:128.4.0esr-1 |
| mozilla | thunderbird | >= 129.0 < 132.0 | 132.0 |
| mozilla | thunderbird | >= unspecified < 128.4 | 128.4 |
| mozilla | thunderbird | >= unspecified < 132 | 132 |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
osv · 7.5 HIGH
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2026-02-02
CVE-2025-8031 Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, perform cross-site
tracing, or execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-10-31·CVSS 7.5
CVE-2024-10459 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-10458,
CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,
CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,
CVE-2024-10467, CVE-2024-10468)
Instructions: After a standard system update you need to restart Firefox to make all the
necessary changes.
Red Hat
firefox: thunderbird: Origin of permission prompt could be spoofed by long URL
vendor_redhat·2024-10-29·CVSS 6.5
CVE-2024-10462 [MEDIUM] CWE-280 firefox: thunderbird: Origin of permission prompt could be spoofed by long URL
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Truncation of a long URL could have allowed origin spoofing in a permission prompt.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 7) - Out of support s
Debian
CVE-2024-10462: firefox - Truncation of a long URL could have allowed origin spoofing in a permission prom...
vendor_debian·2024·CVSS 6.5
CVE-2024-10462 [MEDIUM] CVE-2024-10462: firefox - Truncation of a long URL could have allowed origin spoofing in a permission prom...
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Scope: local
sid: resolved (fixed in 132.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-55: CVE-2024-10462
vendor_mozilla·CVSS 6.5
CVE-2024-10462 [MEDIUM] Mozilla Foundation Security Advisory 2024-55: CVE-2024-10462
Mozilla Foundation Security Advisory 2024-55
CVE: CVE-2024-10462
Product: Firefox
Impact: moderate
Fixed in: Firefox 132
Mozilla
Mozilla Foundation Security Advisory 2024-58: CVE-2024-10462
vendor_mozilla·CVSS 6.5
CVE-2024-10462 [MEDIUM] Mozilla Foundation Security Advisory 2024-58: CVE-2024-10462
Mozilla Foundation Security Advisory 2024-58
CVE: CVE-2024-10462
Product: Thunderbird
Impact: moderate
Fixed in: Thunderbird 128.4
Mozilla
Mozilla Foundation Security Advisory 2024-56: CVE-2024-10462
vendor_mozilla·CVSS 6.5
CVE-2024-10462 [MEDIUM] Mozilla Foundation Security Advisory 2024-56: CVE-2024-10462
Mozilla Foundation Security Advisory 2024-56
CVE: CVE-2024-10462
Product: Firefox ESR
Impact: moderate
Fixed in: Firefox ESR 128.4
Mozilla
Mozilla Foundation Security Advisory 2024-59: CVE-2024-10462
vendor_mozilla·CVSS 6.5
CVE-2024-10462 [MEDIUM] Mozilla Foundation Security Advisory 2024-59: CVE-2024-10462
Mozilla Foundation Security Advisory 2024-59
CVE: CVE-2024-10462
Product: Thunderbird
Impact: moderate
Fixed in: Thunderbird 132
OSV
firefox vulnerabilities
osv·2024-10-31·CVSS 7.5
CVE-2024-10458 [HIGH] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-10458,
CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,
CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,
CVE-2024-10467, CVE-2024-10468)
GHSA
GHSA-6rc3-wcpj-59ch: Truncation of a long URL could have allowed origin spoofing in a permission prompt
ghsa_unreviewed·2024-10-29
CVE-2024-10462 [HIGH] CWE-290 GHSA-6rc3-wcpj-59ch: Truncation of a long URL could have allowed origin spoofing in a permission prompt
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
OSV
CVE-2024-10462: Truncation of a long URL could have allowed origin spoofing in a permission prompt
osv·2024-10-29·CVSS 6.5
CVE-2024-10462 [MEDIUM] CVE-2024-10462: Truncation of a long URL could have allowed origin spoofing in a permission prompt
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1920423
https://www.mozilla.org/security/advisories/mfsa2024-55/
https://www.mozilla.org/security/advisories/mfsa2024-56/
https://www.mozilla.org/security/advisories/mfsa2024-58/
https://www.mozilla.org/security/advisories/mfsa2024-59/
https://lists.debian.org/debian-lts-announce/2024/10/msg00034.html
https://lists.debian.org/debian-lts-announce/2024/11/msg00001.html
Published: 2024-10-29