Products
Thunderbird
- < 128.3
- < 131
Firefox
- < 131
- < 128.3
Source
security@mozilla.org
Tags
CVE-2024-9397 details
Published : Oct. 1, 2024, 4:15 p.m.
Last Modified : Oct. 1, 2024, 4:15 p.m.
Last Modified : Oct. 1, 2024, 4:15 p.m.
Description
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1916659 | security@mozilla.org |
| https://www.mozilla.org/security/advisories/mfsa2024-46/ | security@mozilla.org |
| https://www.mozilla.org/security/advisories/mfsa2024-47/ | security@mozilla.org |
| https://www.mozilla.org/security/advisories/mfsa2024-49/ | security@mozilla.org |
| https://www.mozilla.org/security/advisories/mfsa2024-50/ | security@mozilla.org |
This website uses the NVD API, but is not approved or certified by it.