Firefox Vulnerability: Permission Leak Due to Embed or Object Elements
CVE-2024-10458

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 29 October 2024

Summary

A vulnerability exists in Mozilla products that may allow a permission leak from a trusted site to an untrusted site when using embed or object HTML elements. This flaw affects several versions of Firefox and Thunderbird, potentially exposing sensitive user permissions to malicious external content. Users of affected versions are encouraged to review security advisories and apply necessary updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Firefox < 132

Firefox ESR < 128.4

Firefox ESR < 115.17

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1921733

https://www.mozilla.org/security/advisories/mfsa2024-55/

https://www.mozilla.org/security/advisories/mfsa2024-56/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2024
Vulnerability Reserved
Oct 28, 2024

Credit

James Lee