PT-2024-7776 · Mozilla+10 · Thunderbird+12
David Klein
+1
·
Published
2024-10-01
·
Updated
2025-07-18
·
CVE-2024-9392
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 131
Firefox ESR versions prior to 128.3
Firefox ESR versions prior to 115.16
Thunderbird versions prior to 128.3
Thunderbird versions prior to 131
Description
The issue is related to a flaw in the CORS mechanism of Mozilla Firefox, Firefox ESR, and the Thunderbird email client, specifically an error in source data confirmation. This could allow a remote attacker to bypass security restrictions, potentially leading to the arbitrary loading of cross-origin pages.
Recommendations
For Firefox versions prior to 131, update to version 131 or later.
For Firefox ESR versions prior to 128.3, update to version 128.3 or later.
For Firefox ESR versions prior to 115.16, update to version 115.16 or later.
For Thunderbird versions prior to 128.3, update to version 128.3 or later.
For Thunderbird versions prior to 131, update to version 131 or later.
Fix
Origin Validation Error
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu