CVE-2024-9392 — Origin Validation Error in Mozilla

Vendor	Product	Version range	Fixed in
debian	firefox	< firefox 131.0-1 (sid)	firefox 131.0-1 (sid)
debian	firefox-esr	< firefox 131.0-1 (sid)	firefox 131.0-1 (sid)
debian	thunderbird	< firefox 131.0-1 (sid)	firefox 131.0-1 (sid)
mozilla	firefox	< 115.6.0	115.6.0
mozilla	firefox	< 131.0	131.0
mozilla	firefox	—	—
mozilla	firefox	>= 0 < 131.0+build1.1-0ubuntu0.20.04.1	131.0+build1.1-0ubuntu0.20.04.1
mozilla	firefox	>= unspecified < 131	131
mozilla	firefox_esr	>= unspecified < 128.3	128.3
mozilla	firefox_esr	>= unspecified < 115.16	115.16
mozilla	thunderbird	< 128.3.0	128.3.0
mozilla	thunderbird	>= 0 < 1:115.16.0esr-1~deb11u1	1:115.16.0esr-1~deb11u1
mozilla	thunderbird	>= 0 < 1:115.16.0esr-1~deb12u1	1:115.16.0esr-1~deb12u1
mozilla	thunderbird	>= 0 < 1:128.3.0esr-1	1:128.3.0esr-1
mozilla	thunderbird	>= 0 < 1:128.3.0esr-1	1:128.3.0esr-1
mozilla	thunderbird	>= 129.0 < 131.0	131.0
mozilla	thunderbird	>= unspecified < 128.3	128.3
mozilla	thunderbird	>= unspecified < 131	131

Ubuntu

Firefox vulnerabilities

vendor_ubuntu·2024-10-07·CVSS 9.8

CVE-2024-9394 [CRITICAL] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-9392, CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400, CVE-2024-9401, CVE-2024-9402, CVE-2024-9403) Masato Kinugawa discovered that Firefox did not properly validate javascript under the "resource://pdf.js" origin. An attacker could potentially exploit this issue to execute arbitrary javascript code and access cross-origin PDF content. (CVE-2024-9393) Masato Kinugawa discovered that Firefox did not properl

Red Hat

firefox: thunderbird: Compromised content process can bypass site isolation

vendor_redhat·2024-10-01·CVSS 9.8

CVE-2024-9392 [CRITICAL] CWE-346 firefox: thunderbird: Compromised content process can bypass site isolation firefox: thunderbird: Compromised content process can bypass site isolation A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. The Mozilla Foundation's Security Advisory: A compromised content process could allow for the arbitrary loading of cross-origin pages. Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Package: firefox (Red Hat Enterprise Linux 10) - Not affected Package: thunderbird (Red Hat Enterprise Linux 10) - Not affected Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope Package: thunderbird (Red Hat E

Debian

CVE-2024-9392: firefox - A compromised content process could have allowed for the arbitrary loading of cr...

vendor_debian·2024·CVSS 9.8

CVE-2024-9392 [CRITICAL] CVE-2024-9392: firefox - A compromised content process could have allowed for the arbitrary loading of cr... A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Scope: local sid: resolved (fixed in 131.0-1)

Mozilla

Mozilla Foundation Security Advisory 2024-49: CVE-2024-9392

vendor_mozilla·CVSS 9.8

CVE-2024-9392 [CRITICAL] Mozilla Foundation Security Advisory 2024-49: CVE-2024-9392 Mozilla Foundation Security Advisory 2024-49 CVE: CVE-2024-9392 Product: Thunderbird Impact: high Fixed in: Thunderbird 128.3

Mozilla

Mozilla Foundation Security Advisory 2024-46: CVE-2024-9392

vendor_mozilla·CVSS 9.8

CVE-2024-9392 [CRITICAL] Mozilla Foundation Security Advisory 2024-46: CVE-2024-9392 Mozilla Foundation Security Advisory 2024-46 CVE: CVE-2024-9392 Product: Firefox Impact: high Fixed in: Firefox 131

Mozilla

Mozilla Foundation Security Advisory 2024-50: CVE-2024-9392

vendor_mozilla·CVSS 9.8

CVE-2024-9392 [CRITICAL] Mozilla Foundation Security Advisory 2024-50: CVE-2024-9392 Mozilla Foundation Security Advisory 2024-50 CVE: CVE-2024-9392 Product: Thunderbird Impact: high Fixed in: Thunderbird 131

Mozilla

Mozilla Foundation Security Advisory 2024-48: CVE-2024-9392

vendor_mozilla·CVSS 9.8

CVE-2024-9392 [CRITICAL] Mozilla Foundation Security Advisory 2024-48: CVE-2024-9392 Mozilla Foundation Security Advisory 2024-48 CVE: CVE-2024-9392 Product: Firefox ESR Impact: high Fixed in: Firefox ESR 115.16

Mozilla

Mozilla Foundation Security Advisory 2024-47: CVE-2024-9392

vendor_mozilla·CVSS 9.8

CVE-2024-9392 [CRITICAL] Mozilla Foundation Security Advisory 2024-47: CVE-2024-9392 Mozilla Foundation Security Advisory 2024-47 CVE: CVE-2024-9392 Product: Firefox ESR Impact: high Fixed in: Firefox ESR 128.3

OSV

firefox vulnerabilities

osv·2024-10-07·CVSS 9.8

CVE-2024-9392 [CRITICAL] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-9392, CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400, CVE-2024-9401, CVE-2024-9402, CVE-2024-9403) Masato Kinugawa discovered that Firefox did not properly validate javascript under the "resource://pdf.js" origin. An attacker could potentially exploit this issue to execute arbitrary javascript code and access cross-origin PDF content. (CVE-2024-9393) Masato Kinugawa discovered that Firefox did not properly validate javascript under the "resource://devtools" origin. An

GHSA

GHSA-hc6r-wpfc-q7m8: A compromised content process could have allowed for the arbitrary loading of cross-origin pages

ghsa_unreviewed·2024-10-01

CVE-2024-9392 [CRITICAL] CWE-346 GHSA-hc6r-wpfc-q7m8: A compromised content process could have allowed for the arbitrary loading of cross-origin pages A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.

OSV

CVE-2024-9392: A compromised content process could have allowed for the arbitrary loading of cross-origin pages

osv·2024-10-01·CVSS 9.8

CVE-2024-9392 [CRITICAL] CVE-2024-9392: A compromised content process could have allowed for the arbitrary loading of cross-origin pages A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.

CVE-2024-9392: A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR <…

Affected

CVSS provenance