VDB
DEBIAN-CVE-2024-9392
DEBIAN-CVE-2024-9392
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | thunderbird | 1:115.2.2-1, 1:115.3.0-1, 1:115.3.1-1 |
| Debian:11 | thunderbird | 1:91.7.0-2~deb10u1, 1:91.7.0-2~deb9u1, 1:91.8.0-1 |
| Debian:13 | thunderbird | 0, 0 |
| Debian:11 | firefox-esr | 91.3.0esr-1, 102.13.0, 102.14.0 |
| Debian:13 | firefox-esr | 0, 0 |
| Debian:12 | firefox-esr | 115.8.0, 115.8.0, 115.8.0 |
| Debian:14 | firefox-esr | 0, 0 |
| Debian:14 | thunderbird | 0, 0 |
Exploit Intelligence
- seen_cves.json (github-poc)
Timeline
- Oct 1, 2024 CVE Published
- Apr 28, 2026 CVE Updated