CVE-2024-10465: 
NixOS vulnerability analysis and mitigation

CVE-2024-10465 is a security vulnerability discovered in Mozilla products where a clipboard "paste" button could persist across tabs, enabling a spoofing attack. The vulnerability affects Firefox versions prior to 132, Firefox ESR versions before 128.4, Thunderbird versions before 128.4, and Thunderbird versions before 132. This issue was reported by Kang Ali and Nur Fadhillah of Punggawa Cybersecurity (Mozilla Advisory).

The vulnerability is classified as a spoofing attack vulnerability, categorized under CWE-290 (Authentication Bypass by Spoofing). According to the National Vulnerability Database, it has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. The CISA-ADP assessment rates it slightly higher at 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (NVD).

The vulnerability allows a clipboard "paste" button to persist across different tabs, which could lead to spoofing attacks. This could potentially allow attackers to manipulate user interface elements and trick users into performing unintended actions (Mozilla Advisory).

The vulnerability has been patched in Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132. Users are advised to update their software to these versions or later to mitigate the risk (Mozilla Advisory).