CVE-2024-8900

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-8900
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1872841 Permissions Required
https://www.mozilla.org/security/advisories/mfsa2024-33/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-47/
https://www.mozilla.org/security/advisories/mfsa2024-49/
Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
History

30 Oct 2024, 15:35

Type Values Removed Values Added
CWE CWE-732

01 Oct 2024, 16:15

Type Values Removed Values Added
Summary (en) An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129. (en) An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.
References
  • () https://www.mozilla.org/security/advisories/mfsa2024-47/ -
  • () https://www.mozilla.org/security/advisories/mfsa2024-49/ -

01 Oct 2024, 12:30

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1872841 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1872841 - Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2024-33/ - () https://www.mozilla.org/security/advisories/mfsa2024-33/ - Vendor Advisory
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
First Time Mozilla
Mozilla firefox
CWE NVD-CWE-noinfo

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) Un atacante podría escribir datos en el portapapeles del usuario, sin tener en cuenta la solicitud de usuario, durante una determinada secuencia de eventos de navegación. Esta vulnerabilidad afecta a Firefox anterior a la versión 129.

17 Sep 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-17 19:15

Updated : 2024-10-30 15:35

NVD link : CVE-2024-8900

Mitre link : CVE-2024-8900

CVE.ORG link : CVE-2024-8900

JSON object : View

Products Affected

mozilla

  • firefox
CWE
NVD-CWE-noinfo CWE-732

Incorrect Permission Assignment for Critical Resource


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024