CVE-2024-10462 | THREATINT

Description

Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

PUBLISHED Reserved 2024-10-28 | Published 2024-10-29 | Updated 2025-11-03 | Assigner mozilla

Problem types

Origin of permission prompt could be spoofed by long URL

Product status

Any version before 132

affected

Any version before 128.4

affected

Any version before 128.4

affected

Any version before 132

affected

Credits

Hafiizh

References

lists.debian.org/debian-lts-announce/2024/11/msg00001.html

lists.debian.org/debian-lts-announce/2024/10/msg00034.html

bugzilla.mozilla.org/show_bug.cgi?id=1920423

www.mozilla.org/security/advisories/mfsa2024-55/

www.mozilla.org/security/advisories/mfsa2024-56/

www.mozilla.org/security/advisories/mfsa2024-58/

www.mozilla.org/security/advisories/mfsa2024-59/

cve.org (CVE-2024-10462)

nvd.nist.gov (CVE-2024-10462)

Download JSON