PT-2024-7771 · Mozilla+9 · Thunderbird+11
Shaheen Fazim
·
Published
2024-10-01
·
Updated
2026-02-02
·
CVE-2024-9397
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 131
Firefox ESR versions prior to 128.3
Thunderbird versions prior to 128.3
Thunderbird versions prior to 131
Description
The issue is related to a missing delay in the directory upload UI, which could allow an attacker to trick a user into granting permission via clickjacking. This could enable a remote attacker to conduct a clickjacking attack.
Recommendations
For Firefox versions prior to 131, update to version 131 or later to resolve the issue.
For Firefox ESR versions prior to 128.3, update to version 128.3 or later to resolve the issue.
For Thunderbird versions prior to 128.3, update to version 128.3 or later to resolve the issue.
For Thunderbird versions prior to 131, update to version 131 or later to resolve the issue.
As a temporary workaround, consider restricting access to the directory upload UI to minimize the risk of exploitation.
Fix
Clickjacking
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Rocky Linux
Suse
Thunderbird
Ubuntu