CVE-2024-10465
published 2024-10-29CVE-2024-10465: A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 132.0-1 (sid) | firefox 132.0-1 (sid) |
| debian | firefox-esr | < firefox 132.0-1 (sid) | firefox 132.0-1 (sid) |
| debian | thunderbird | < firefox 132.0-1 (sid) | firefox 132.0-1 (sid) |
| mozilla | firefox | < 128.4.0 | 128.4.0 |
| mozilla | firefox | < 132.0 | 132.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 132.0+build1-0ubuntu0.20.04.1 | 132.0+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 132 | 132 |
| mozilla | firefox_esr | >= unspecified < 128.4 | 128.4 |
| mozilla | thunderbird | < 128.4.0 | 128.4.0 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1~deb11u1 | 1:128.4.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1~deb12u1 | 1:128.4.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1 | 1:128.4.0esr-1 |
| mozilla | thunderbird | >= 0 < 1:128.4.0esr-1 | 1:128.4.0esr-1 |
| mozilla | thunderbird | >= 129.0 < 132.0 | 132.0 |
| mozilla | thunderbird | >= unspecified < 128.4 | 128.4 |
| mozilla | thunderbird | >= unspecified < 132 | 132 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
osv7.5HIGH
OSV
firefox vulnerabilities
osv·2024-10-31·CVSS 7.5
CVE-2024-10458 [HIGH] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-10458
CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,
CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,
CVE-2024-10467, CVE-2024-10468)
GHSA
GHSA-jx2m-9x57-vwr5: A clipboard "paste" button could persist across tabs which allowed a spoofing attack
ghsa_unreviewed·2024-10-29
CVE-2024-10465 [HIGH] CWE-290 GHSA-jx2m-9x57-vwr5: A clipboard "paste" button could persist across tabs which allowed a spoofing attack
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
OSV
CVE-2024-10465: A clipboard "paste" button could persist across tabs which allowed a spoofing attack
osv·2024-10-29·CVSS 6.5
CVE-2024-10465 [MEDIUM] CVE-2024-10465: A clipboard "paste" button could persist across tabs which allowed a spoofing attack
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2026-02-02
CVE-2025-8031 Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-10-31·CVSS 7.5
CVE-2024-10459 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-10458
CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,
CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,
CVE-2024-10467, CVE-2024-10468)
Instructions: After a standard system update you need to restart Firefox to make all the
necessary changes.
Red Hat
firefox: thunderbird: Clipboard "paste" button persisted across tabs
vendor_redhat·2024-10-29·CVSS 6.5
CVE-2024-10465 [MEDIUM] CWE-20 firefox: thunderbird: Clipboard "paste" button persisted across tabs
firefox: thunderbird: Clipboard "paste" button persisted across tabs
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
The Mozilla Foundation's Security Advisory: A clipboard "paste" button could persist across tabs which allowed a spoofing attack.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 7) - Out of support scope
Package: firefox-flatpak-container (Red Hat Enterprise Linu
Debian
CVE-2024-10465: firefox - A clipboard "paste" button could persist across tabs which allowed a spoofing at...
vendor_debian·2024·CVSS 6.5
CVE-2024-10465 [MEDIUM] CVE-2024-10465: firefox - A clipboard "paste" button could persist across tabs which allowed a spoofing at...
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Scope: local
sid: resolved (fixed in 132.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-59: CVE-2024-10465
vendor_mozilla·CVSS 6.5
CVE-2024-10465 [MEDIUM] Mozilla Foundation Security Advisory 2024-59: CVE-2024-10465
Mozilla Foundation Security Advisory 2024-59
CVE: CVE-2024-10465
Product: Thunderbird
Impact: moderate
Fixed in: Thunderbird 132
Mozilla
Mozilla Foundation Security Advisory 2024-56: CVE-2024-10465
vendor_mozilla·CVSS 6.5
CVE-2024-10465 [MEDIUM] Mozilla Foundation Security Advisory 2024-56: CVE-2024-10465
Mozilla Foundation Security Advisory 2024-56
CVE: CVE-2024-10465
Product: Firefox ESR
Impact: moderate
Fixed in: Firefox ESR 128.4
Mozilla
Mozilla Foundation Security Advisory 2024-55: CVE-2024-10465
vendor_mozilla·CVSS 6.5
CVE-2024-10465 [MEDIUM] Mozilla Foundation Security Advisory 2024-55: CVE-2024-10465
Mozilla Foundation Security Advisory 2024-55
CVE: CVE-2024-10465
Product: Firefox
Impact: moderate
Fixed in: Firefox 132
Mozilla
Mozilla Foundation Security Advisory 2024-58: CVE-2024-10465
vendor_mozilla·CVSS 6.5
CVE-2024-10465 [MEDIUM] Mozilla Foundation Security Advisory 2024-58: CVE-2024-10465
Mozilla Foundation Security Advisory 2024-58
CVE: CVE-2024-10465
Product: Thunderbird
Impact: moderate
Fixed in: Thunderbird 128.4
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1918853https://www.mozilla.org/security/advisories/mfsa2024-55/https://www.mozilla.org/security/advisories/mfsa2024-56/https://www.mozilla.org/security/advisories/mfsa2024-58/https://www.mozilla.org/security/advisories/mfsa2024-59/https://lists.debian.org/debian-lts-announce/2024/10/msg00034.htmlhttps://lists.debian.org/debian-lts-announce/2024/11/msg00001.html
2024-10-29
Published