PT-2024-7938 · Mozilla+7 · Thunderbird+9

Om Apip

Published

2024-08-06

Updated

2025-07-18

CVE-2024-8900

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 129 Firefox ESR versions prior to 128.3 Thunderbird versions prior to 128.3

Description The issue is related to insufficient access control in web browsers, allowing an attacker to write data to the user's clipboard without prompting, during specific navigational events. This could potentially impact data integrity.

Recommendations For Firefox versions prior to 129, update to version 129 or later to resolve the issue. For Firefox ESR versions prior to 128.3, update to version 128.3 or later to resolve the issue. For Thunderbird versions prior to 128.3, update to version 128.3 or later to resolve the issue.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-732

Related Identifiers

ALSA-2024:7700

ALT-PU-2024-13895

ALT-PU-2024-13897

ALT-PU-2024-13898

ALT-PU-2024-15839

ALT-PU-2024-15840

ALT-PU-2024-15841

BDU:2024-09442

CESA-2024_7700

CVE-2024-8900

INFSA-2024_7700

MGASA-2024-0334

OESA-2025-1835

OPENSUSE-SU-2024:14394-1

OPENSUSE-SU-2024:14397-1

OPENSUSE-SU-2024:14572-1

OPENSUSE-SU-2024_3614-1

OPENSUSE-SU-2024_3629-1

RHSA-2024:7621

RHSA-2024:7622

RHSA-2024:7646

RHSA-2024:7700

RHSA-2024:7702

RHSA-2024:7703

RHSA-2024:7704

RHSA-2024:7842

RHSA-2024_7700

RLSA-2024:7700

SUSE-SU-2024:3518-1

SUSE-SU-2024:3519-1

SUSE-SU-2024:3603-1

SUSE-SU-2024:3614-1

SUSE-SU-2024:3629-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Red Hat

Rocky Linux

Suse

Thunderbird

PT-2024-7938 · Mozilla+7 · Thunderbird+9

CVE-2024-8900

Weakness Enumeration

Related Identifiers

Affected Products

References · 2033