Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-5691

Опубликовано: 11 июн. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 4.7

Описание

By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

РелизСтатусПримечание
devel

not-affected

code not present
esm-infra/focal

DNE

focal

released

127.0.2+build1-0ubuntu0.20.04.1
jammy

not-affected

code not present
mantic

not-affected

code not present
noble

not-affected

code not present
upstream

released

127

Показывать по

РелизСтатусПримечание
devel

ignored

esm-apps/noble

ignored

esm-infra/focal

DNE

focal

DNE

jammy

ignored

mantic

ignored

end of life, was needs-triage
noble

ignored

upstream

ignored

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

ignored

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/focal

ignored

esm-infra/bionic

ignored

focal

ignored

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

ignored

focal

ignored

jammy

DNE

mantic

DNE

noble

DNE

upstream

ignored

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/jammy

ignored

esm-infra/focal

DNE

focal

DNE

jammy

ignored

mantic

DNE

noble

DNE

upstream

ignored

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

mantic

DNE

noble

DNE

upstream

ignored

Показывать по

РелизСтатусПримечание
devel

not-affected

code not present
esm-infra/focal

DNE

focal

released

1:115.12.0+build3-0ubuntu0.20.04.1
jammy

released

1:115.12.0+build3-0ubuntu0.22.04.1
mantic

released

1:115.12.0+build3-0ubuntu0.23.10.1
noble

not-affected

code not present
upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 25%
0.0008
Низкий

4.7 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-5691

CVSS3: 6.1
redhat
около 1 года назад

By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

nvd логотип

CVE-2024-5691

CVSS3: 4.7
nvd
около 1 года назад

By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

debian логотип

CVE-2024-5691

CVSS3: 4.7
debian
около 1 года назад

By tricking the browser with a `X-Frame-Options` header, a sandboxed i ...

github логотип

GHSA-xhxm-p3qv-qprc

CVSS3: 4.7
github
около 1 года назад

By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12.

fstec логотип

BDU:2024-05144

CVSS3: 6.1
fstec
около 1 года назад

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с ошибками в настройках безопасности, позволяющая нарушителю обойти ограничения безопасности и провести атаку типа clickjacking («захват клика»)

EPSS

Процентиль: 25%
0.0008
Низкий

4.7 Medium

CVSS3