CVE-2024-8386
03.09.2024, 13:15
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 130.0 |
| mozilla | firefox_esr | 𝑥 < 128.2 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||
| thunderbird |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||
| mozjs102 |
| ||||||||||||
| mozjs115 |
| ||||||||||||
| mozjs38 |
| ||||||||||||
| mozjs52 |
| ||||||||||||
| mozjs68 |
| ||||||||||||
| mozjs78 |
| ||||||||||||
| mozjs91 |
| ||||||||||||
| thunderbird |
|
Common Weakness Enumeration
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
- CWE-290 - Authentication Bypass by SpoofingThis attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
References