CVE-2024-8900
firefox: Clipboard write permission bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129.
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.
The Mozilla Foundation's Security Advisory: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events.
Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 128.4.0 are affected.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-09-16 CVE Reserved
- 2024-09-17 CVE Published
- 2024-10-02 EPSS Updated
- 2024-10-30 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (6)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-8900 | 2024-10-09 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2312914 | 2024-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | * | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | * | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | * | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Aus Search vendor "Redhat" for product "Rhel Aus" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel E4s Search vendor "Redhat" for product "Rhel E4s" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Eus Search vendor "Redhat" for product "Rhel Eus" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Tus Search vendor "Redhat" for product "Rhel Tus" | * | - |
Affected
| ||||||
Alma Search vendor "Alma" | Linux Search vendor "Alma" for product "Linux" | * | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | * | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | * | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Aus Search vendor "Redhat" for product "Rhel Aus" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel E4s Search vendor "Redhat" for product "Rhel E4s" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Els Search vendor "Redhat" for product "Rhel Els" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Eus Search vendor "Redhat" for product "Rhel Eus" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Tus Search vendor "Redhat" for product "Rhel Tus" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Packagehub Search vendor "Suse" for product "Packagehub" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle-module-desktop-applications Search vendor "Suse" for product "Sle-module-desktop-applications" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle-sdk Search vendor "Suse" for product "Sle-sdk" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle-we Search vendor "Suse" for product "Sle-we" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle Hpc-espos Search vendor "Suse" for product "Sle Hpc-espos" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle Hpc-ltss Search vendor "Suse" for product "Sle Hpc-ltss" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle Hpc Search vendor "Suse" for product "Sle Hpc" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sled Search vendor "Suse" for product "Sled" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sles-ltss Search vendor "Suse" for product "Sles-ltss" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sles Search vendor "Suse" for product "Sles" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sles Sap Search vendor "Suse" for product "Sles Sap" | * | - |
Affected
|