CVE-2024-10460

Summary

The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 132affected
MozillaFirefox ESRunspecified < 128.4affected
MozillaThunderbirdunspecified < 128.4affected
MozillaThunderbirdunspecified < 132affected

Weaknesses

  • Confusing display of origin for external protocol handler prompt

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References