CVE-2024-10458 Affecting firefox package, versions <0:128.4.0-1.0.1.el9_4
Threat Intelligence
EPSS
0.07% (30th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-ORACLE9-FIREFOX-8322623
- published 2 Nov 2024
- disclosed 29 Oct 2024
How to fix?
Upgrade Oracle:9 firefox to version 0:128.4.0-1.0.1.el9_4 or higher.
This issue was patched in ELSA-2024-8726.
NVD Description
Note: Versions mentioned in the description apply only to the upstream firefox package and not the firefox package as distributed by Oracle.
See How to fix? for Oracle:9 relevant fixed versions and status.
A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
References
- https://linux.oracle.com/cve/CVE-2024-10458.html
- https://linux.oracle.com/errata/ELSA-2024-8726.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=1921733
- https://www.mozilla.org/security/advisories/mfsa2024-55/
- https://www.mozilla.org/security/advisories/mfsa2024-56/
- https://www.mozilla.org/security/advisories/mfsa2024-57/
- https://www.mozilla.org/security/advisories/mfsa2024-58/
- https://www.mozilla.org/security/advisories/mfsa2024-59/
CVSS Scores
version 3.1