Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMozillaCVELIST:CVE-2024-9394
HistoryOct 01, 2024 - 3:13 p.m.

CVE-2024-9394

2024-10-0115:13:19
mozilla
www.cve.org
attacker
javascript
firefox
thunderbird
cross-origin
vulnerability
JSON

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This access is limited to “same site” documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "131",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "128.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "115.16",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "128.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "131",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

cve 1
vulnrichment 1
nvd 1
alpinelinux 1
debiancve 1
nessus 6
mozilla 5
cve
cve
CVE-2024-9394
2024-10-01 16:15:10
vulnrichment
vulnrichment
CVE-2024-9394
2024-10-01 15:13:19
nvd
nvd
CVE-2024-9394
2024-10-01 16:15:10
alpinelinux
alpinelinux
CVE-2024-9394
2024-10-01 16:15:10
debiancve
debiancve
CVE-2024-9394
2024-10-01 16:15:10
nessus
nessus
Mozilla Firefox ESR < 115.16
2024-10-01 00:00:00
Mozilla Firefox ESR < 115.16
2024-10-01 00:00:00
Mozilla Firefox ESR < 128.3
2024-10-01 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 115.16 — Mozilla
2024-10-01 00:00:00
Security Vulnerabilities fixed in Thunderbird 131 — Mozilla
2024-10-01 00:00:00
Security Vulnerabilities fixed in Thunderbird 128.3 — Mozilla
2024-10-01 00:00:00
JSON
Related for CVELIST:CVE-2024-9394
cve1vulnrichment1nvd1alpinelinux1debiancve1nessus6mozilla5