User Interface (UI) Misrepresentation of Critical Information Affecting thunderbird package, versions [,128.4)
Threat Intelligence
EPSS
0.05% (22nd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UNMANAGED-THUNDERBIRD-8309563
- published 29 Oct 2024
- disclosed 29 Oct 2024
- credit Shaheen Fazim
Introduced: 29 Oct 2024
New CVE-2024-10460 Open this link in a new tabHow to fix?
Upgrade thunderbird
to version 128.4 or higher.
Overview
Affected versions of this package are vulnerable to User Interface (UI) Misrepresentation of Critical Information via the use of a data
URL within an iframe
. An attacker can obscure the origin of an external protocol handler prompt, potentially misleading users into interacting with malicious content.