CVE-2024-10460

Oct. 29, 2024, 2:34 p.m.

Product(s) Impacted

Thunderbird

  • < 128.4
  • < 132

Firefox

  • < 132

Firefox ESR

  • < 128.4

Description

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Weaknesses

Date

Published: Oct. 29, 2024, 1:15 p.m.

Last Modified: Oct. 29, 2024, 2:34 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@mozilla.org

References