Lucene search

MozillaVULNRICHMENT:CVE-2024-9397

HistoryOct 01, 2024 - 3:13 p.m.

CVE-2024-9397

2024-10-0115:13:20

mozilla

github.com

delay

directory upload

clickjacking

vulnerability

firefox

thunderbird

AI Score

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

References

bugzilla.mozilla.org/show_bug.cgi?id=1916659

www.mozilla.org/security/advisories/mfsa2024-46/

www.mozilla.org/security/advisories/mfsa2024-47/

www.mozilla.org/security/advisories/mfsa2024-49/

www.mozilla.org/security/advisories/mfsa2024-50/