Lucene search
Alpine Linux Development TeamALPINE:CVE-2024-9393HistoryOct 01, 2024 - 4:15 p.m.
CVE-2024-9393
2024-10-0116:15:10
Alpine Linux Development Team
security.alpinelinux.org
javascript
cross-origin access
multipart response
firefox
thunderbird
AI Score
6.8
Confidence
High
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to “same site” documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | firefox | = 130.0.1-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | firefox | = 130.0.1-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | firefox-esr | = 115.15.0-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | thunderbird | = 128.2.2-r0 | UNKNOWN |
| Alpine | edge-community | noarch | firefox-esr | = 115.16.0-r0 | UNKNOWN |
| Alpine | edge-community | noarch | thunderbird | = 128.2.3-r0 | UNKNOWN |
Related
nvd
nvd
CVE-2024-9393
2024-10-01 16:15:10
debiancve
debiancve
CVE-2024-9393
2024-10-01 16:15:10
vulnrichment
vulnrichment
CVE-2024-9393
2024-10-01 15:13:19
cve
cve
CVE-2024-9393
2024-10-01 16:15:10
cvelist
cvelist
CVE-2024-9393
2024-10-01 15:13:19
nessus
nessus
Mozilla Firefox ESR < 115.16
2024-10-01 00:00:00
Mozilla Firefox ESR < 115.16
2024-10-01 00:00:00
Mozilla Firefox ESR < 128.3
2024-10-01 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 115.16 — Mozilla
2024-10-01 00:00:00
Security Vulnerabilities fixed in Thunderbird 128.3 — Mozilla
2024-10-01 00:00:00
Security Vulnerabilities fixed in Thunderbird 131 — Mozilla
2024-10-01 00:00:00