CVE-2024-5691

Summary

By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 127affected
MozillaFirefox ESRunspecified < 115.12affected
MozillaThunderbirdunspecified < 115.12affected

Weaknesses

  • Sandboxed iframes were able to bypass sandbox restrictions to open a new window

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References