CVE-2024-10458

Published: Oct 29, 2024Modified: Nov 3, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Affected (5)

Products: Mozilla: Firefox, Thunderbird

2 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 132.0
Mozilla Firefox	Before 115.17
Mozilla Firefox	From 116.0 to 128.4.0
Mozilla Thunderbird	Before 128.4.0
Mozilla Thunderbird	From 129.0 to 132.0

Related CWEs

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (8)

https://bugzilla.mozilla.org/show_bug.cgi?id=1921733

Source: security@mozilla.org

Issue Tracking

https://www.mozilla.org/security/advisories/mfsa2024-55/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2024-56/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2024-57/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2024-58/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2024-59/

Source: security@mozilla.org

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2024/10/msg00034.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2024/11/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.