CVE-2024-8900

An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

History

30 Oct 2024, 15:35

Type Values Removed Values Added
CWE CWE-732

01 Oct 2024, 16:15

Type Values Removed Values Added
Summary (en) An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129. (en) An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.
References
  • () https://www.mozilla.org/security/advisories/mfsa2024-47/ -
  • () https://www.mozilla.org/security/advisories/mfsa2024-49/ -

01 Oct 2024, 12:30

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
First Time Mozilla
Mozilla firefox
CWE NVD-CWE-noinfo
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1872841 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1872841 - Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2024-33/ - () https://www.mozilla.org/security/advisories/mfsa2024-33/ - Vendor Advisory

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) Un atacante podría escribir datos en el portapapeles del usuario, sin tener en cuenta la solicitud de usuario, durante una determinada secuencia de eventos de navegación. Esta vulnerabilidad afecta a Firefox anterior a la versión 129.

17 Sep 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-17 19:15

Updated : 2024-10-30 15:35


NVD link : CVE-2024-8900

Mitre link : CVE-2024-8900

CVE.ORG link : CVE-2024-8900


JSON object : View

Products Affected

mozilla

  • firefox
CWE
NVD-CWE-noinfo CWE-732

Incorrect Permission Assignment for Critical Resource