2024-10-01 18:03:19 +00:00
{
"id" : "CVE-2024-9397" ,
"sourceIdentifier" : "security@mozilla.org" ,
"published" : "2024-10-01T16:15:10.847" ,
2025-03-18 17:03:48 +00:00
"lastModified" : "2025-03-18T16:15:26.400" ,
"vulnStatus" : "Modified" ,
2024-10-01 18:03:19 +00:00
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131."
2024-10-04 14:03:27 +00:00
} ,
{
"lang" : "es" ,
"value" : "La falta de un retraso en la interfaz de usuario para cargar directorios podr\u00eda haber permitido que un atacante enga\u00f1ara a un usuario para que otorgara permiso mediante clickjacking. Esta vulnerabilidad afecta a Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3 y Thunderbird < 131."
2024-10-01 18:03:19 +00:00
}
] ,
2024-10-11 18:03:17 +00:00
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 6.1 ,
"baseSeverity" : "MEDIUM" ,
2024-10-11 18:03:17 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2024-10-11 18:03:17 +00:00
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 2.7
2025-03-18 17:03:48 +00:00
} ,
{
"source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" ,
"baseScore" : 6.1 ,
"baseSeverity" : "MEDIUM" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "NONE"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 2.7
2024-10-11 18:03:17 +00:00
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-1021"
}
]
2025-03-18 17:03:48 +00:00
} ,
{
"source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-1021"
}
]
2024-10-11 18:03:17 +00:00
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "131.0" ,
"matchCriteriaId" : "DA47FFCA-3451-462C-8FFB-47143C65E65A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "128.3.0" ,
"matchCriteriaId" : "AD504E26-CAAF-43F1-B808-C7E16F2ABDA3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "128.3" ,
"matchCriteriaId" : "2B27464A-8C97-4D45-B7BE-CD1E3EA1DFD6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:mozilla:thunderbird:129.0:beta:*:*:*:*:*:*" ,
"matchCriteriaId" : "1CF643F7-C722-44F1-827C-3974B45A3D0D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:mozilla:thunderbird:129.0:beta2:*:*:*:*:*:*" ,
"matchCriteriaId" : "963ACFD6-B12A-4A66-A539-FD156C6F5220"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:mozilla:thunderbird:129.0:beta3:*:*:*:*:*:*" ,
"matchCriteriaId" : "B9E39014-2E8F-4E19-9575-978AB56E451A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:mozilla:thunderbird:129.0:beta4:*:*:*:*:*:*" ,
"matchCriteriaId" : "28752A54-6016-4F6E-983B-CB54FEA19E5F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:mozilla:thunderbird:129.0:beta5:*:*:*:*:*:*" ,
"matchCriteriaId" : "DA46E15E-0C2B-4F6E-8BA3-B7CB32C58D43"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:mozilla:thunderbird:129.0:beta6:*:*:*:*:*:*" ,
"matchCriteriaId" : "90AD96F8-A88B-4B70-A4D2-CD7637DF239A"
}
]
}
]
}
] ,
2024-10-01 18:03:19 +00:00
"references" : [
{
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1916659" ,
2024-10-11 18:03:17 +00:00
"source" : "security@mozilla.org" ,
"tags" : [
"Issue Tracking" ,
"Permissions Required"
]
2024-10-01 18:03:19 +00:00
} ,
{
"url" : "https://www.mozilla.org/security/advisories/mfsa2024-46/" ,
2024-10-11 18:03:17 +00:00
"source" : "security@mozilla.org" ,
"tags" : [
"Vendor Advisory"
]
2024-10-01 18:03:19 +00:00
} ,
{
"url" : "https://www.mozilla.org/security/advisories/mfsa2024-47/" ,
2024-10-11 18:03:17 +00:00
"source" : "security@mozilla.org" ,
"tags" : [
"Vendor Advisory"
]
2024-10-01 18:03:19 +00:00
} ,
{
"url" : "https://www.mozilla.org/security/advisories/mfsa2024-49/" ,
2024-10-11 18:03:17 +00:00
"source" : "security@mozilla.org" ,
"tags" : [
"Vendor Advisory"
]
2024-10-01 18:03:19 +00:00
} ,
{
"url" : "https://www.mozilla.org/security/advisories/mfsa2024-50/" ,
2024-10-11 18:03:17 +00:00
"source" : "security@mozilla.org" ,
"tags" : [
"Vendor Advisory"
]
2024-10-01 18:03:19 +00:00
}
]
}
