CVE-2024-10463 — Observable Discrepancy in Mozilla Firefox

CWE-203 — Observable Discrepancy CWE-942 — Permissive Cross-domain Security Policy with Untrusted Domains13 documents8 sources

Severity

6.5MEDIUMNVD

OSV7.5

EPSS

0.5%

top 35.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedOct 29

Latest updateOct 31

Description

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

▶CVEListV5mozilla/firefoxunspecified — 132

▶NVDmozilla/firefox128.1.0 — 128.4.0+2

▶CVEListV5mozilla/firefox_esrunspecified — 128.4+1

▶Ubuntumozilla/firefox< 132.0+build1-0ubuntu0.20.04.1

▶CVEListV5mozilla/thunderbirdunspecified — 128.4+1

🔴Vulnerability Details

OSV

firefox vulnerabilities↗2024-10-31

▶

CVEList

CVE-2024-10463: Video frames could have been leaked between origins in some situations↗2024-10-29

▶

OSV

CVE-2024-10463: Video frames could have been leaked between origins in some situations↗2024-10-29

▶

GHSA

GHSA-4jv6-884h-v282: Video frames could have been leaked between origins in some situations↗2024-10-29

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2024-10-31

▶

Red Hat

firefox: thunderbird: Cross origin video frame leak↗2024-10-29

▶

Debian

CVE-2024-10463: firefox - Video frames could have been leaked between origins in some situations. This vul...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-57: CVE-2024-10463↗

▶

Mozilla

Mozilla Foundation Security Advisory 2024-56: CVE-2024-10463↗

▶