CVE-2024-10465Authentication Bypass by Spoofing in Mozilla Firefox

CWE-290Authentication Bypass by SpoofingCWE-20Improper Input Validation13 documents8 sources
Severity
6.5MEDIUMNVD
OSV7.5
EPSS
0.5%
top 33.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedOct 29
Latest updateFeb 2

Description

A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

CVEListV5mozilla/firefoxunspecified132
NVDmozilla/firefox< 128.4.0+1
CVEListV5mozilla/firefox_esrunspecified128.4
CVEListV5mozilla/thunderbirdunspecified128.4+1
NVDmozilla/thunderbird129.0132.0+1

🔴Vulnerability Details

4
OSV
firefox vulnerabilities2024-10-31
GHSA
GHSA-jx2m-9x57-vwr5: A clipboard "paste" button could persist across tabs which allowed a spoofing attack2024-10-29
OSV
CVE-2024-10465: A clipboard "paste" button could persist across tabs which allowed a spoofing attack2024-10-29
CVEList
CVE-2024-10465: A clipboard "paste" button could persist across tabs which allowed a spoofing attack2024-10-29

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2026-02-02
Ubuntu
Firefox vulnerabilities2024-10-31
Red Hat
firefox: thunderbird: Clipboard "paste" button persisted across tabs2024-10-29
Debian
CVE-2024-10465: firefox - A clipboard "paste" button could persist across tabs which allowed a spoofing at...2024
Mozilla
Mozilla Foundation Security Advisory 2024-59: CVE-2024-10465
CVE-2024-10465 — Authentication Bypass by Spoofing | cvebase