CVE-2024-10463
Published 2024-10-29
medium · 6.5 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 132.0-1 (sid) | firefox 132.0-1 (sid) |
| debian | firefox-esr | < firefox 132.0-1 (sid) | firefox 132.0-1 (sid) |
| debian | thunderbird | < firefox 132.0-1 (sid) | firefox 132.0-1 (sid) |
| mozilla | firefox | < 115.17.0 | 115.17.0 |
| mozilla | firefox | < 132.0 | 132.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 132.0+build1-0ubuntu0.20.04.1 | 132.0+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 128.1.0 < 128.4.0 | 128.4.0 |
| mozilla | firefox | >= unspecified < 132 | 132 |
| mozilla | firefox_esr | >= unspecified < 128.4 | 128.4 |
| mozilla | firefox_esr | >= unspecified < 115.17 | 115.17 |
| mozilla | thunderbird | < 128.4.0 | 128.4.0 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1~deb11u1 | 1:128.4.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1~deb12u1 | 1:128.4.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1 | 1:128.4.0esr-1 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1 | 1:128.4.0esr-1 |
| mozilla | thunderbird | >= 129.0 < 132.0 | 132.0 |
| mozilla | thunderbird | >= unspecified < 128.4 | 128.4 |
| mozilla | thunderbird | >= unspecified < 132 | 132 |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
osv · 7.5 HIGH
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-10-31·CVSS 7.5
CVE-2024-10459 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-10458,
CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,
CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,
CVE-2024-10467, CVE-2024-10468)
Instructions: After a standard system update you need to restart Firefox to make all the
necessary changes.
Red Hat
firefox: thunderbird: Cross origin video frame leak
vendor_redhat·2024-10-29·CVSS 6.5
CVE-2024-10463 [MEDIUM] CWE-942 firefox: thunderbird: Cross origin video frame leak
firefox: thunderbird: Cross origin video frame leak
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Video frames could have been leaked between origins in some situations.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 7) - Out of support scope
Package: firefox-flatpa
Debian
CVE-2024-10463: firefox - Video frames could have been leaked between origins in some situations. This vul...
vendor_debian·2024·CVSS 6.5
CVE-2024-10463 [MEDIUM] CVE-2024-10463: firefox - Video frames could have been leaked between origins in some situations. This vul...
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Scope: local
sid: resolved (fixed in 132.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-57: CVE-2024-10463
vendor_mozilla·CVSS 6.5
CVE-2024-10463 [MEDIUM] Mozilla Foundation Security Advisory 2024-57: CVE-2024-10463
Mozilla Foundation Security Advisory 2024-57
CVE: CVE-2024-10463
Product: Firefox ESR
Impact: moderate
Fixed in: Firefox ESR 115.17
Mozilla
Mozilla Foundation Security Advisory 2024-56: CVE-2024-10463
vendor_mozilla·CVSS 6.5
CVE-2024-10463 [MEDIUM] Mozilla Foundation Security Advisory 2024-56: CVE-2024-10463
Mozilla Foundation Security Advisory 2024-56
CVE: CVE-2024-10463
Product: Firefox ESR
Impact: moderate
Fixed in: Firefox ESR 128.4
Mozilla
Mozilla Foundation Security Advisory 2024-55: CVE-2024-10463
vendor_mozilla·CVSS 6.5
CVE-2024-10463 [MEDIUM] Mozilla Foundation Security Advisory 2024-55: CVE-2024-10463
Mozilla Foundation Security Advisory 2024-55
CVE: CVE-2024-10463
Product: Firefox
Impact: moderate
Fixed in: Firefox 132
Mozilla
Mozilla Foundation Security Advisory 2024-58: CVE-2024-10463
vendor_mozilla·CVSS 6.5
CVE-2024-10463 [MEDIUM] Mozilla Foundation Security Advisory 2024-58: CVE-2024-10463
Mozilla Foundation Security Advisory 2024-58
CVE: CVE-2024-10463
Product: Thunderbird
Impact: moderate
Fixed in: Thunderbird 128.4
Mozilla
Mozilla Foundation Security Advisory 2024-59: CVE-2024-10463
vendor_mozilla·CVSS 6.5
CVE-2024-10463 [MEDIUM] Mozilla Foundation Security Advisory 2024-59: CVE-2024-10463
Mozilla Foundation Security Advisory 2024-59
CVE: CVE-2024-10463
Product: Thunderbird
Impact: moderate
Fixed in: Thunderbird 132
OSV
firefox vulnerabilities
osv·2024-10-31·CVSS 7.5
CVE-2024-10458 [HIGH] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-10458,
CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,
CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,
CVE-2024-10467, CVE-2024-10468)
OSV
CVE-2024-10463: Video frames could have been leaked between origins in some situations
osv·2024-10-29·CVSS 6.5
CVE-2024-10463 [MEDIUM] CVE-2024-10463: Video frames could have been leaked between origins in some situations
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
GHSA
GHSA-4jv6-884h-v282: Video frames could have been leaked between origins in some situations
ghsa_unreviewed·2024-10-29
CVE-2024-10463 [HIGH] CWE-203 GHSA-4jv6-884h-v282: Video frames could have been leaked between origins in some situations
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1920800
https://www.mozilla.org/security/advisories/mfsa2024-55/
https://www.mozilla.org/security/advisories/mfsa2024-56/
https://www.mozilla.org/security/advisories/mfsa2024-57/
https://www.mozilla.org/security/advisories/mfsa2024-58/
https://www.mozilla.org/security/advisories/mfsa2024-59/
https://lists.debian.org/debian-lts-announce/2024/10/msg00034.html
https://lists.debian.org/debian-lts-announce/2024/11/msg00001.html
Published 2024-10-29