PT-2024-10471 · Mozilla+10 · Thunderbird+12

Karl Tomlinson

Published

2024-10-29

Updated

2025-07-18

CVE-2024-10463

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 132 Firefox ESR versions prior to 128.4 Firefox ESR versions prior to 115.17 Thunderbird versions prior to 128.4 Thunderbird versions prior to 132

Description The issue is related to the potential leakage of video frames between origins in certain situations, which could allow a remote attacker to access potentially confidential information due to inconsistency.

Recommendations For Firefox versions prior to 132, update to version 132 or later. For Firefox ESR versions prior to 128.4, update to version 128.4 or later. For Firefox ESR versions prior to 115.17, update to version 115.17 or later. For Thunderbird versions prior to 128.4, update to version 128.4 or later. For Thunderbird versions prior to 132, update to version 132 or later.

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

ALSA-2024:8726

ALSA-2024:8729

ALSA-2024:8790

ALSA-2024:8793

ALSA-2024:9552

ALSA-2024:9554

ALT-PU-2024-15089

ALT-PU-2024-15091

ALT-PU-2024-15092

ALT-PU-2024-15839

ALT-PU-2024-15840

ALT-PU-2024-15841

ALT-PU-2025-2672

ALT-PU-2025-8904

BDU:2025-01014

CESA-2024_8729

CESA-2024_8790

CVE-2024-10463

DLA-3943-1

DLA-3944-1

DSA-5801-1

DSA-5803-1

INFSA-2024_8726

INFSA-2024_8729

INFSA-2024_8790

INFSA-2024_8793

INFSA-2024_9552

INFSA-2024_9554

MGASA-2024-0349

MGASA-2024-0350

OESA-2024-2342

OESA-2025-1265

OESA-2025-1268

OESA-2025-1835

OPENSUSE-SU-2024:14438-1

OPENSUSE-SU-2024:14461-1

OPENSUSE-SU-2024:14483-1

OPENSUSE-SU-2024:14572-1

OPENSUSE-SU-2024_3898-1

OPENSUSE-SU-2024_4050-1

RHSA-2024:8720

RHSA-2024:8721

RHSA-2024:8722

RHSA-2024:8723

RHSA-2024:8724

RHSA-2024:8725

RHSA-2024:8726

RHSA-2024:8727

RHSA-2024:8728

RHSA-2024:8729

RHSA-2024:8790

RHSA-2024:8793

RHSA-2024:9015

RHSA-2024:9016

RHSA-2024:9017

RHSA-2024:9018

RHSA-2024:9019

RHSA-2024:9552

RHSA-2024:9554

RHSA-2024_8726

RHSA-2024_8729

RHSA-2024_8790

RHSA-2024_8793

RHSA-2024_9552

RHSA-2024_9554

RLSA-2024:8726

RLSA-2024:8729

RLSA-2024:8790

RLSA-2024:8793

ROSA-SA-2025-2563

SUSE-SU-2024:3898-1

SUSE-SU-2024:3899-1

SUSE-SU-2024:4050-1

USN-7086-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2024-10471 · Mozilla+10 · Thunderbird+12

CVE-2024-10463

Weakness Enumeration

Related Identifiers

Affected Products

References · 2253