CVE-2024-8386

If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

History

30 Oct 2024, 17:35

Type Values Removed Values Added
CWE CWE-290

06 Sep 2024, 17:15

Type Values Removed Values Added
Summary (en) If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130 and Firefox ESR < 128.2. (en) If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
References
  • () https://www.mozilla.org/security/advisories/mfsa2024-43/ -

04 Sep 2024, 15:44

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
First Time Mozilla
Mozilla firefox Esr
Mozilla firefox
CPE cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
CWE CWE-601
Summary
  • (es) Si a un sitio se le hubiera otorgado permiso para abrir ventanas emergentes, podría provocar que los elementos Select aparecieran sobre otro sitio para realizar un ataque de suplantación de identidad. Esta vulnerabilidad afecta a Firefox &lt; 130 y Firefox ESR &lt; 128.2.
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1907032 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1907032 - Issue Tracking, Permissions Required
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1909163 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1909163 - Issue Tracking, Permissions Required
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1909529 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1909529 - Issue Tracking, Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2024-39/ - () https://www.mozilla.org/security/advisories/mfsa2024-39/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-40/ - () https://www.mozilla.org/security/advisories/mfsa2024-40/ - Vendor Advisory

03 Sep 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-03 13:15

Updated : 2024-10-30 17:35


NVD link : CVE-2024-8386

Mitre link : CVE-2024-8386

CVE.ORG link : CVE-2024-8386


JSON object : View

Products Affected

mozilla

  • firefox
  • firefox_esr
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CWE-290

Authentication Bypass by Spoofing