CVE-2024-5691 — Protection Mechanism Failure in Mozilla Firefox
Severity
4.7MEDIUMNVD
OSV8.1
EPSS
0.2%
top 61.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 11
Latest updateJul 3
Description
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages8 packages
🔴Vulnerability Details
5GHSA▶
GHSA-xhxm-p3qv-qprc: By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass res↗2024-06-11
CVEList▶
CVE-2024-5691: By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass res↗2024-06-11
OSV▶
CVE-2024-5691: By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass res↗2024-06-11
📋Vendor Advisories
7Red Hat
▶
Debian▶
CVE-2024-5691: firefox - By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe coul...↗2024