First published: Tue Oct 29 2024(Updated: )
Last updated 6 November 2024
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/firefox | 132.0.1-1 | |
debian/firefox-esr | <=115.14.0esr-1~deb11u1<=115.14.0esr-1~deb12u1<=128.3.1esr-2 | 128.4.0esr-1~deb11u1 128.4.0esr-1~deb12u1 128.4.0esr-1 |
debian/thunderbird | <=1:115.12.0-1~deb11u1<=1:115.12.0-1~deb12u1 | 1:128.4.0esr-1~deb11u1 1:128.4.0esr-1~deb12u1 1:128.4.0esr-1 1:128.4.2esr-1 |
Thunderbird | <128.4 | 128.4 |
Thunderbird | <132 | 132 |
Firefox | <128.4.0 | |
Firefox | <132.0 | |
Thunderbird | <128.4.0 | |
Thunderbird | >=129.0<132.0 | |
Firefox | <132 | 132 |
Firefox ESR | <128.4 | 128.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2024-10462 is considered to have a medium severity level due to its potential for origin spoofing.
To fix CVE-2024-10462, update Firefox to version 132 or later, and Thunderbird to version 132 or later.
CVE-2024-10462 affects Firefox versions below 132, Firefox ESR versions below 128.4, and Thunderbird versions below 128.4.
CVE-2024-10462 is a vulnerability that can lead to origin spoofing through truncation of long URLs in permission prompts.
As of now, there are no publicly disclosed exploits for CVE-2024-10462.