Agent Tesla Malware – Active IOCs
October 31, 2024Grandoreiro Malware – Active IOCs
October 31, 2024Agent Tesla Malware – Active IOCs
October 31, 2024Grandoreiro Malware – Active IOCs
October 31, 2024Severity
Medium
Analysis Summary
CVE-2024-10458 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by a permission leak. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using embed or object elements to bypass security restrictions.
CVE-2024-10460 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by confusing display of origin for external protocol handler prompt. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
Impact
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-10458
- CVE-2024-10460
Affected Vendors
Affected Products
- Mozilla Firefox 131
- Mozilla Firefox ESR 128.3
- Mozilla Thunderbird 128.3
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.