CVE-2024-9392Origin Validation Error in Mozilla Firefox

CWE-346Origin Validation Error13 documents8 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 64.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedOct 1
Latest updateOct 7

Description

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

CVEListV5mozilla/firefoxunspecified131
NVDmozilla/firefox< 115.6.0+1
CVEListV5mozilla/firefox_esrunspecified128.3+1
Ubuntumozilla/firefox< 131.0+build1.1-0ubuntu0.20.04.1
CVEListV5mozilla/thunderbirdunspecified128.3+1

🔴Vulnerability Details

4
OSV
firefox vulnerabilities2024-10-07
CVEList
CVE-2024-9392: A compromised content process could have allowed for the arbitrary loading of cross-origin pages2024-10-01
GHSA
GHSA-hc6r-wpfc-q7m8: A compromised content process could have allowed for the arbitrary loading of cross-origin pages2024-10-01
OSV
CVE-2024-9392: A compromised content process could have allowed for the arbitrary loading of cross-origin pages2024-10-01

📋Vendor Advisories

8
Ubuntu
Firefox vulnerabilities2024-10-07
Red Hat
firefox: thunderbird: Compromised content process can bypass site isolation2024-10-01
Debian
CVE-2024-9392: firefox - A compromised content process could have allowed for the arbitrary loading of cr...2024
Mozilla
Mozilla Foundation Security Advisory 2024-49: CVE-2024-9392
Mozilla
Mozilla Foundation Security Advisory 2024-46: CVE-2024-9392
CVE-2024-9392 — Origin Validation Error in Mozilla | cvebase