PT-2024-10119 · Mozilla+10 · Thunderbird+12

Hafiizh · Published 2024-05-14 · Updated 2025-10-17 · CVE-2024-4768

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 126
Mozilla Firefox ESR versions prior to 115.11
Thunderbird versions prior to 115.11

Description

The issue is related to incorrect permission handling, which can be exploited by a remote attacker to conduct a clickjacking attack. This can be achieved by tricking a user into granting permissions, potentially through manipulated popup notifications interacting with WebAuthn.

Recommendations

For Mozilla Firefox versions prior to 126, update to version 126 or later to resolve the issue.
For Mozilla Firefox ESR versions prior to 115.11, update to version 115.11 or later to resolve the issue.
For Thunderbird versions prior to 115.11, update to version 115.11 or later to resolve the issue.

Exploit

Fix

Improper Preservation of Permissions

Weakness Enumeration

Related Identifiers

ALSA-2024:2883
ALSA-2024:2888
ALSA-2024:3783
ALSA-2024:3784
ALT-PU-2024-13897
ALT-PU-2024-14442
ALT-PU-2024-14892
ALT-PU-2024-15175
ALT-PU-2024-15839
ALT-PU-2024-15841
ALT-PU-2024-7772
ALT-PU-2024-7980
ALT-PU-2024-7982
BDU:2025-00343
CESA-2024_3783
CESA-2024_3784
CVE-2024-4768
DLA-3815-1
DLA-3817-1
DSA-5691-1
DSA-5693-1
INFSA-2024_2883
INFSA-2024_2888
INFSA-2024_3783
INFSA-2024_3784
MGASA-2024-0189
MGASA-2024-0191
OESA-2024-2459
OESA-2025-1265
OESA-2025-1268
OPENSUSE-SU-2024:13980-1
OPENSUSE-SU-2024:13981-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_1770-1
OPENSUSE-SU-2024_1858-1
RHSA-2024:2881
RHSA-2024:2882
RHSA-2024:2883
RHSA-2024:2884
RHSA-2024:2885
RHSA-2024:2886
RHSA-2024:2887
RHSA-2024:2888
RHSA-2024:2903
RHSA-2024:2904
RHSA-2024:2905
RHSA-2024:2906
RHSA-2024:2911
RHSA-2024:2912
RHSA-2024:2913
RHSA-2024:3338
RHSA-2024:3783
RHSA-2024:3784
RHSA-2024_2881
RHSA-2024_2883
RHSA-2024_2888
RHSA-2024_2913
RHSA-2024_3783
RHSA-2024_3784
RLSA-2024:2888
RLSA-2024:3783
RLSA-2024:3784
SUSE-SU-2024:1676-1
SUSE-SU-2024:1770-1
SUSE-SU-2024:1858-1
USN-6779-1
USN-6779-2
USN-6782-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Firefox
Firefox ESR
Red Hat
RED OS
Rocky Linux
SUSE
Thunderbird
Ubuntu