CVE-2024-7518

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

S

elect options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1875354	Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-33/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-35/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-37/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

History

29 Oct 2024, 20:35

Type	Values Removed	Values Added
CWE		CWE-1021

19 Aug 2024, 17:52

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1875354 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1875354 - Issue Tracking
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-33/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-33/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-35/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-35/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-37/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-37/ - Vendor Advisory
CPE		cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:thunderbird:::::::: cpe:2.3:a:mozilla:firefox_esr::::::::
First Time		Mozilla Mozilla firefox Esr Mozilla thunderbird Mozilla firefox

06 Aug 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-06 13:15

Updated : 2024-10-29 20:35

NVD link : CVE-2024-7518

Mitre link : CVE-2024-7518

CVE.ORG link : CVE-2024-7518

JSON object : View

Products Affected

CWE

NVD-CWE-noinfo CWE-1021

Improper Restriction of Rendered UI Layers or Frames

{"id": "CVE-2024-7518", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-08-06T13:15:56.970", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875354", "tags": ["Issue Tracking"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-33/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-35/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-37/", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1021"}]}], "descriptions": [{"lang": "en", "value": "Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1."}, {"lang": "es", "value": "Las opciones seleccionadas podr\u00edan oscurecer el cuadro de di\u00e1logo de notificaci\u00f3n en pantalla completa. Esto podr\u00eda ser utilizado por un sitio malicioso para realizar un ataque de suplantaci\u00f3n de identidad. Esta vulnerabilidad afecta a Firefox < 129, Firefox ESR < 128.1 y Thunderbird < 128.1."}], "lastModified": "2024-10-29T20:35:43.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E096FE78-91CC-4F06-A87A-226CDEBD483C", "versionEndExcluding": "129"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32A0E6D7-D4FF-448F-A55B-E63A5DDFA8DD", "versionEndExcluding": "128.1"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6FF3091-7DD4-4265-8F19-A64EB03831ED", "versionEndExcluding": "128.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}