Lucene search
MozillaVULNRICHMENT:CVE-2024-9393HistoryOct 01, 2024 - 3:13 p.m.
CVE-2024-9393
2024-10-0115:13:19
mozilla
github.com
vulnerability
firefox
thunderbird
arbitrary javascript
cross-origin access
pdf
site isolation
android
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to “same site” documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
Related
nvd
nvd
CVE-2024-9393
2024-10-01 16:15:10
debiancve
debiancve
CVE-2024-9393
2024-10-01 16:15:10
cve
cve
CVE-2024-9393
2024-10-01 16:15:10
alpinelinux
alpinelinux
CVE-2024-9393
2024-10-01 16:15:10
cvelist
cvelist
CVE-2024-9393
2024-10-01 15:13:19
nessus
nessus
Mozilla Firefox ESR < 115.16
2024-10-01 00:00:00
Mozilla Firefox ESR < 115.16
2024-10-01 00:00:00
Mozilla Firefox ESR < 128.3
2024-10-01 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 115.16 — Mozilla
2024-10-01 00:00:00
Security Vulnerabilities fixed in Thunderbird 128.3 — Mozilla
2024-10-01 00:00:00
Security Vulnerabilities fixed in Thunderbird 131 — Mozilla
2024-10-01 00:00:00
AI Score
6.4
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-9393