CVE-2024-9393

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1918301	Permissions Required
https://www.mozilla.org/security/advisories/mfsa2024-46/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-47/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-48/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-49/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-50/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird:129.0:beta::::::
	cpe:2.3:a:mozilla:thunderbird:129.0:beta2::::::
	cpe:2.3:a:mozilla:thunderbird:129.0:beta3::::::
	cpe:2.3:a:mozilla:thunderbird:129.0:beta4::::::
	cpe:2.3:a:mozilla:thunderbird:129.0:beta5::::::
	cpe:2.3:a:mozilla:thunderbird:129.0:beta6::::::

History

No history.

Information

Published : 2024-10-01 16:15

Updated : 2025-03-14 16:15

NVD link : CVE-2024-9393

Mitre link : CVE-2024-9393

CVE.ORG link : CVE-2024-9393

JSON object : View

Products Affected

mozilla

firefox_esr
firefox
thunderbird

CWE

NVD-CWE-Other CWE-346

Origin Validation Error

{"id": "CVE-2024-9393", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-10-01T16:15:10.623", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1918301", "tags": ["Permissions Required"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-46/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-47/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-48/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-49/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-50/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-346"}]}], "descriptions": [{"lang": "en", "value": "An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to \"same site\" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131."}, {"lang": "es", "value": "Un atacante podr\u00eda, mediante una respuesta de varias partes especialmente manipulada, ejecutar c\u00f3digo JavaScript arbitrario bajo el origen `resource://pdf.js`. Esto podr\u00eda permitirle acceder a contenido PDF de origen cruzado. Este acceso est\u00e1 limitado a documentos del \"mismo sitio\" por la funci\u00f3n de aislamiento de sitios en los clientes de escritorio, pero el acceso completo de origen cruzado es posible en las versiones de Android. Esta vulnerabilidad afecta a Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3 y Thunderbird < 131."}], "lastModified": "2025-03-14T16:15:39.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA47FFCA-3451-462C-8FFB-47143C65E65A", "versionEndExcluding": "131.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE98FB6E-21A3-4917-8806-09D3AF4FB876", "versionEndExcluding": "115.16.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAB84369-2EC9-42EC-A9BF-95A3EB9925C1", "versionEndExcluding": "128.3.0", "versionStartIncluding": "116.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B27464A-8C97-4D45-B7BE-CD1E3EA1DFD6", "versionEndExcluding": "128.3"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:129.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CF643F7-C722-44F1-827C-3974B45A3D0D"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:129.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "963ACFD6-B12A-4A66-A539-FD156C6F5220"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:129.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9E39014-2E8F-4E19-9575-978AB56E451A"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:129.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28752A54-6016-4F6E-983B-CB54FEA19E5F"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:129.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA46E15E-0C2B-4F6E-8BA3-B7CB32C58D43"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:129.0:beta6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90AD96F8-A88B-4B70-A4D2-CD7637DF239A"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}