QwikSec

Security Database

CVE

CWE

Training

CVE-2024-5691

Published: Jun 11, 2024

Modified: Mar 19, 2025

PUBLISHED

Description

By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Vendor	Product	Versions
Mozilla	Firefox	affected `unspecified - < 127`
Mozilla	Firefox ESR	affected `unspecified - < 115.12`
Mozilla	Thunderbird	affected `unspecified - < 115.12`

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1888695

https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html

https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html

https://www.mozilla.org/security/advisories/mfsa2024-25/

https://www.mozilla.org/security/advisories/mfsa2024-26/

https://www.mozilla.org/security/advisories/mfsa2024-28/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.