PT-2024-7553 · Mozilla+10 · Thunderbird+12

James Lee

·

Published

2024-10-29

·

Updated

2025-07-18

·

CVE-2024-10458

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 132 Firefox ESR versions prior to 128.4 Firefox ESR versions prior to 115.17 Thunderbird versions prior to 128.4 Thunderbird versions prior to 132
Description A permission leak could occur from a trusted site to an untrusted site via embed or object elements. This issue is related to incorrect permission preservation. Exploitation of this issue may allow a remote attacker to impact the confidentiality of protected information.
Recommendations For Firefox versions prior to 132, update to version 132 or later. For Firefox ESR versions prior to 128.4, update to version 128.4 or later. For Firefox ESR versions prior to 115.17, update to version 115.17 or later. For Thunderbird versions prior to 128.4, update to version 128.4 or later. For Thunderbird versions prior to 132, update to version 132 or later.

Fix

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-281

Related Identifiers

ALSA-2024:8726
ALSA-2024:8729
ALSA-2024:8790
ALSA-2024:8793
ALSA-2024:9552
ALSA-2024:9554
ALT-PU-2024-15089
ALT-PU-2024-15091
ALT-PU-2024-15092
ALT-PU-2024-15839
ALT-PU-2024-15840
ALT-PU-2024-15841
BDU:2024-08951
CESA-2024_8729
CESA-2024_8790
CVE-2024-10458
DLA-3943-1
DLA-3944-1
DSA-5801-1
DSA-5803-1
INFSA-2024_8726
INFSA-2024_8729
INFSA-2024_8790
INFSA-2024_8793
INFSA-2024_9552
INFSA-2024_9554
MGASA-2024-0349
MGASA-2024-0350
OESA-2024-2342
OESA-2025-1265
OESA-2025-1268
OESA-2025-1835
OPENSUSE-SU-2024:14438-1
OPENSUSE-SU-2024:14461-1
OPENSUSE-SU-2024:14483-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_3898-1
OPENSUSE-SU-2024_4050-1
RHSA-2024:8720
RHSA-2024:8721
RHSA-2024:8722
RHSA-2024:8723
RHSA-2024:8724
RHSA-2024:8725
RHSA-2024:8726
RHSA-2024:8727
RHSA-2024:8728
RHSA-2024:8729
RHSA-2024:8790
RHSA-2024:8793
RHSA-2024:9015
RHSA-2024:9016
RHSA-2024:9017
RHSA-2024:9018
RHSA-2024:9019
RHSA-2024:9552
RHSA-2024:9554
RHSA-2024_8726
RHSA-2024_8729
RHSA-2024_8790
RHSA-2024_8793
RHSA-2024_9552
RHSA-2024_9554
RLSA-2024:8726
RLSA-2024:8729
RLSA-2024:8790
RLSA-2024:8793
ROSA-SA-2025-2563
SUSE-SU-2024:3898-1
SUSE-SU-2024:3899-1
SUSE-SU-2024:4050-1
SUSE-SU-2024_3898-1
SUSE-SU-2024_3899-1
SUSE-SU-2024_4050-1
USN-7086-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu