MEDIUM 5.3 Published on 2024-10-29

CVE-2024-10460

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS 0.4% percentile 62.0%

Affected tracked apps

Thunderbird

winget:Mozilla.Thunderbird

1 open

Vulnerable CPE configurations

Vendor	Product	Platform	Versions	CPE 2.3 URI
mozilla	thunderbird	Windows	<128.4	cpe:2.3:a:mozilla:thunderbird::::::::
mozilla	thunderbird	Windows	≥129 <132	cpe:2.3:a:mozilla:thunderbird::::::::

View on NVD ↗