PT-2024-4636 · Mozilla+10 · Thunderbird+12

Luan Herrera

·

Published

2024-06-11

·

Updated

2025-03-14

·

CVE-2024-5691

CVSS v2.0

6.4

Medium

VectorAV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 127 Firefox ESR versions prior to 115.12 Thunderbird versions prior to 115.12
Description: The issue is related to security setting errors in Mozilla browsers, allowing a remote attacker to bypass security restrictions and conduct a clickjacking attack. By exploiting this, a sandboxed iframe could present a button that, if clicked by a user, would bypass restrictions to open a new window, potentially tricking the browser with a X-Frame-Options header.
Recommendations: For Firefox versions prior to 127, update to version 127 or later to resolve the issue. For Firefox ESR versions prior to 115.12, update to version 115.12 or later to resolve the issue. For Thunderbird versions prior to 115.12, update to version 115.12 or later to resolve the issue.

Exploit

Fix

Improper Access Control

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-693CWE-254

Related Identifiers

ALSA-2024:3954
ALSA-2024:3955
ALSA-2024:4002
ALSA-2024:4036
ALT-PU-2024-13895
ALT-PU-2024-13897
ALT-PU-2024-13898
ALT-PU-2024-14780
ALT-PU-2024-14892
ALT-PU-2024-15087
ALT-PU-2024-15175
ALT-PU-2024-15839
ALT-PU-2024-15840
ALT-PU-2024-15841
BDU:2024-05144
CESA-2024_3954
CESA-2024_4036
CVE-2024-5691
DLA-3825-1
DLA-3836-1
DSA-5709-1
DSA-5711-1
INFSA-2024_3954
INFSA-2024_3955
INFSA-2024_4002
INFSA-2024_4036
MGASA-2024-0222
MGASA-2024-0231
OESA-2024-2013
OESA-2025-1265
OESA-2025-1268
OPENSUSE-SU-2024:14044-1
OPENSUSE-SU-2024:14049-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_2061-1
RHSA-2024:3949
RHSA-2024:3950
RHSA-2024:3951
RHSA-2024:3952
RHSA-2024:3953
RHSA-2024:3954
RHSA-2024:3955
RHSA-2024:3958
RHSA-2024:3972
RHSA-2024:4001
RHSA-2024:4002
RHSA-2024:4003
RHSA-2024:4004
RHSA-2024:4015
RHSA-2024:4016
RHSA-2024:4018
RHSA-2024:4036
RHSA-2024:4063
RHSA-2024_3951
RHSA-2024_3954
RHSA-2024_3955
RHSA-2024_4002
RHSA-2024_4016
RHSA-2024_4036
RLSA-2024:3954
RLSA-2024:3955
RLSA-2024:4002
RLSA-2024:4036
SUSE-SU-2024:2012-1
SUSE-SU-2024:2061-1
SUSE-SU-2024:2073-1
SUSE-SU-2024:2371-1
SUSE-SU-2024:2399-1
USN-6840-1
USN-6862-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu