CVE-2024-5691

CVSS v3.1 4.7 (Medium)

EPSS 0.05 % (22^th)

Affected Products 3

Advisories 33

NVD Status Analyzed

By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: Mozilla Corporation
Published Date: 2024-06-11 13:15:50
(3 months ago)
Updated Date: 2024-08-16 14:44:05
(4 weeks ago)

Affected Products

Mozilla

Firefox
Firefox Esr
Thunderbird

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 127.0 version	cpe:2.3:a:mozilla:firefox	< 127.0
Mozilla Firefox Esr prior 115.12 version	cpe:2.3:a:mozilla:firefox_esr	< 115.12
Mozilla Thunderbird prior 115.12 version	cpe:2.3:a:mozilla:thunderbird	< 115.12