CVE-2024-8900 — Incorrect Permission Assignment in Mozilla Firefox

CWE-732 — Incorrect Permission Assignment9 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 55.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedSep 17

Description

An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5mozilla/firefoxunspecified — 129

▶NVDmozilla/firefox< 129.0

▶CVEListV5mozilla/firefox_esrunspecified — 128.3

▶CVEListV5mozilla/thunderbirdunspecified — 128.3

▶Debianmozilla/thunderbird< 1:128.3.0esr-1+1

🔴Vulnerability Details

OSV

CVE-2024-8900: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events↗2024-09-17

▶

GHSA

GHSA-97x9-7h6v-3jx9: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events↗2024-09-17

▶

CVEList

CVE-2024-8900: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events↗2024-09-17

▶

📋Vendor Advisories

Red Hat

firefox: Clipboard write permission bypass↗2024-09-17

▶

Debian

CVE-2024-8900: firefox - An attacker could write data to the user's clipboard, bypassing the user prompt,...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-47: CVE-2024-8900↗

▶

Mozilla

Mozilla Foundation Security Advisory 2024-49: CVE-2024-8900↗

▶

Mozilla

Mozilla Foundation Security Advisory 2024-33: CVE-2024-8900↗

▶