{
  "id": "CVE-2024-5691",
  "sourceIdentifier": "security@mozilla.org",
  "published": "2024-06-11T13:15:50.690",
  "lastModified": "2024-06-19T10:15:11.280",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12."
    },
    {
      "lang": "es",
      "value": "Al enga\u00f1ar al navegador con un encabezado `X-Frame-Options`, un iframe en espacio aislado podr\u00eda haber presentado un bot\u00f3n que, si un usuario hiciera clic en \u00e9l, evitar\u00eda las restricciones para abrir una nueva ventana. Esta vulnerabilidad afecta a Firefox &lt; 127 y Firefox ESR &lt; 115.12."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1888695",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-25/",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-26/",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-28/",
      "source": "security@mozilla.org"
    }
  ]
}