CVE-2024-7518

Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

History

29 Oct 2024, 20:35

Type Values Removed Values Added
CWE CWE-1021

19 Aug 2024, 17:52

Type Values Removed Values Added
Summary
  • (es) Las opciones seleccionadas podrían oscurecer el cuadro de diálogo de notificación en pantalla completa. Esto podría ser utilizado por un sitio malicioso para realizar un ataque de suplantación de identidad. Esta vulnerabilidad afecta a Firefox &lt; 129, Firefox ESR &lt; 128.1 y Thunderbird &lt; 128.1.
First Time Mozilla firefox Esr
Mozilla
Mozilla thunderbird
Mozilla firefox
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1875354 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1875354 - Issue Tracking
References () https://www.mozilla.org/security/advisories/mfsa2024-33/ - () https://www.mozilla.org/security/advisories/mfsa2024-33/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-35/ - () https://www.mozilla.org/security/advisories/mfsa2024-35/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-37/ - () https://www.mozilla.org/security/advisories/mfsa2024-37/ - Vendor Advisory
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

06 Aug 2024, 23:15

Type Values Removed Values Added
Summary (en) Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129 and Firefox ESR < 128.1. (en) Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
References
  • () https://www.mozilla.org/security/advisories/mfsa2024-37/ -

06 Aug 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 13:15

Updated : 2024-10-29 20:35


NVD link : CVE-2024-7518

Mitre link : CVE-2024-7518

CVE.ORG link : CVE-2024-7518


JSON object : View

Products Affected

mozilla

  • firefox
  • thunderbird
  • firefox_esr
CWE
NVD-CWE-noinfo CWE-1021

Improper Restriction of Rendered UI Layers or Frames