Vulnerability-Lookup

CVE-2024-2611 (GCVE-0-2024-2611)

Vulnerability from cvelistv5 – Published: 2024-03-19 12:02 – Updated: 2025-02-13 17:41

Summary

A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CWE

Clickjacking vulnerability could have led to a user accidentally granting permissions

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=1876675
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://lists.debian.org/debian-lts-announce/2024…
https://lists.debian.org/debian-lts-announce/2024…

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 124 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 115.9 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 115.9 (custom)

Credits

Hafiizh

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-2611",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-19T15:54:02.538184Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-06T18:24:44.875Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:18:47.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1876675"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "124",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Hafiizh"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9."
            }
          ],
          "value": "A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Clickjacking vulnerability could have led to a user accidentally granting permissions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T17:05:55.226Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1876675"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-2611",
    "datePublished": "2024-03-19T12:02:55.649Z",
    "dateReserved": "2024-03-18T16:22:30.751Z",
    "dateUpdated": "2025-02-13T17:41:02.264Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-2611",
      "date": "2026-05-22",
      "epss": "0.00323",
      "percentile": "0.5544"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.\"}, {\"lang\": \"es\", \"value\": \"Una demora faltante en el momento en que se us\\u00f3 el bloqueo del puntero podr\\u00eda haber permitido que una p\\u00e1gina maliciosa enga\\u00f1ara a un usuario para que otorgara permisos. Esta vulnerabilidad afecta a Firefox \u0026lt; 124, Firefox ESR \u0026lt; 115.9 y Thunderbird \u0026lt; 115.9.\"}]",
      "id": "CVE-2024-2611",
      "lastModified": "2024-11-21T09:10:07.397",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 3.4}]}",
      "published": "2024-03-19T12:15:09.007",
      "references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1876675\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-12/\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-13/\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-14/\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1876675\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-12/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-13/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-14/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-2611\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2024-03-19T12:15:09.007\",\"lastModified\":\"2025-04-01T16:26:40.040\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.\"},{\"lang\":\"es\",\"value\":\"Una demora faltante en el momento en que se us\u00f3 el bloqueo del puntero podr\u00eda haber permitido que una p\u00e1gina maliciosa enga\u00f1ara a un usuario para que otorgara permisos. Esta vulnerabilidad afecta a Firefox \u0026lt; 124, Firefox ESR \u0026lt; 115.9 y Thunderbird \u0026lt; 115.9.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.1,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionEndExcluding\":\"115.9.0\",\"matchCriteriaId\":\"786CED5B-06E5-4CE6-A5FC-AAE9FA4BEB69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"124.0\",\"matchCriteriaId\":\"AA5A5703-41D3-40FB-835D-19DDCAFF384B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"115.9.0\",\"matchCriteriaId\":\"C598683E-0064-4D4D-B6BF-922DB1BF160D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1876675\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-12/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-13/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-14/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1876675\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-12/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-13/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-14/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1876675\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-12/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-13/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-14/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T19:18:47.977Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-2611\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-19T15:54:02.538184Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-05T15:20:38.136Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Hafiizh\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"124\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Firefox ESR\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"115.9\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"115.9\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1876675\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-12/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-13/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-14/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Clickjacking vulnerability could have led to a user accidentally granting permissions\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2024-03-25T17:05:55.226Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-2611\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:41:02.264Z\", \"dateReserved\": \"2024-03-18T16:22:30.751Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2024-03-19T12:02:55.649Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0234

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 115.9
Mozilla	Firefox	Firefox versions antérieures à 124
Mozilla	Thunderbird	Thunderbird versions antérieures à 115.9

References

Title

Publication Time

CERTFR-2024-AVI-0234

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 115.9
Mozilla	Firefox	Firefox versions antérieures à 124
Mozilla	Thunderbird	Thunderbird versions antérieures à 115.9

References

Title

Publication Time

alsa-2024:1484

Vulnerability from osv_almalinux

Published

2024-03-25 00:00

Modified

2024-04-03 14:52

Summary

Critical: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.9.1 ESR.

Security Fix(es):

nss: timing attack against RSA decryption (CVE-2023-5388)
Mozilla: Crash in NSS TLS method (CVE-2024-0743)
Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)
Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)
Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)
Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)
Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)
Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)
Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:1484	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-5388	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0743	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2607	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2608	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2610	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2611	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2612	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2614	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2616	REPORT
	https://access.redhat.com/security/cve/CVE-2024-29944	REPORT
	https://bugzilla.redhat.com/2243644	REPORT
	https://bugzilla.redhat.com/2260012	REPORT
	https://bugzilla.redhat.com/2270660	REPORT
	https://bugzilla.redhat.com/2270661	REPORT
	https://bugzilla.redhat.com/2270662	REPORT
	https://bugzilla.redhat.com/2270663	REPORT
	https://bugzilla.redhat.com/2270664	REPORT
	https://bugzilla.redhat.com/2270665	REPORT
	https://bugzilla.redhat.com/2270666	REPORT
	https://bugzilla.redhat.com/2271064	REPORT
	https://errata.almalinux.org/8/ALSA-2024-1484.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.9.1-1.el8_9.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 115.9.1 ESR.\n\nSecurity Fix(es):\n\n* nss: timing attack against RSA decryption (CVE-2023-5388)\n* Mozilla: Crash in NSS TLS method (CVE-2024-0743)\n* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)\n* Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)\n* Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)\n* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)\n* Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)\n* Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)\n* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)\n* Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:1484",
  "modified": "2024-04-03T14:52:34Z",
  "published": "2024-03-25T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:1484"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-5388"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0743"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2607"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2608"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2610"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2611"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2612"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2614"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2616"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-29944"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2243644"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2260012"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270660"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270661"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270662"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270663"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270664"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270665"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270666"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2271064"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-1484.html"
    }
  ],
  "related": [
    "CVE-2023-5388",
    "CVE-2024-0743",
    "CVE-2024-2607",
    "CVE-2024-2608",
    "CVE-2024-2616",
    "CVE-2024-2610",
    "CVE-2024-2611",
    "CVE-2024-2612",
    "CVE-2024-2614",
    "CVE-2024-29944"
  ],
  "summary": "Critical: firefox security update"
}

alsa-2024:1485

Vulnerability from osv_almalinux

Published

2024-03-25 00:00

Modified

2024-04-03 14:53

Summary

Critical: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.9.1 ESR.

Security Fix(es):

nss: timing attack against RSA decryption (CVE-2023-5388)
Mozilla: Crash in NSS TLS method (CVE-2024-0743)
Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)
Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)
Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)
Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)
Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)
Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)
Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:1485	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-5388	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0743	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2607	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2608	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2610	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2611	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2612	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2614	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2616	REPORT
	https://access.redhat.com/security/cve/CVE-2024-29944	REPORT
	https://bugzilla.redhat.com/2243644	REPORT
	https://bugzilla.redhat.com/2260012	REPORT
	https://bugzilla.redhat.com/2270660	REPORT
	https://bugzilla.redhat.com/2270661	REPORT
	https://bugzilla.redhat.com/2270662	REPORT
	https://bugzilla.redhat.com/2270663	REPORT
	https://bugzilla.redhat.com/2270664	REPORT
	https://bugzilla.redhat.com/2270665	REPORT
	https://bugzilla.redhat.com/2270666	REPORT
	https://bugzilla.redhat.com/2271064	REPORT
	https://errata.almalinux.org/9/ALSA-2024-1485.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.9.1-1.el9_3.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox-x11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.9.1-1.el9_3.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 115.9.1 ESR.\n\nSecurity Fix(es):\n\n* nss: timing attack against RSA decryption (CVE-2023-5388)\n* Mozilla: Crash in NSS TLS method (CVE-2024-0743)\n* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)\n* Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)\n* Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)\n* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)\n* Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)\n* Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)\n* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)\n* Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:1485",
  "modified": "2024-04-03T14:53:57Z",
  "published": "2024-03-25T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:1485"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-5388"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0743"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2607"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2608"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2610"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2611"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2612"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2614"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2616"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-29944"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2243644"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2260012"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270660"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270661"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270662"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270663"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270664"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270665"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270666"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2271064"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-1485.html"
    }
  ],
  "related": [
    "CVE-2023-5388",
    "CVE-2024-0743",
    "CVE-2024-2607",
    "CVE-2024-2608",
    "CVE-2024-2616",
    "CVE-2024-2610",
    "CVE-2024-2611",
    "CVE-2024-2612",
    "CVE-2024-2614",
    "CVE-2024-29944"
  ],
  "summary": "Critical: firefox security update"
}

alsa-2024:1493

Vulnerability from osv_almalinux

Published

2024-03-25 00:00

Modified

2024-04-10 08:56

Summary

Moderate: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.9.0.

Security Fix(es):

nss: timing attack against RSA decryption (CVE-2023-5388)
Mozilla: Crash in NSS TLS method (CVE-2024-0743)
Mozilla: Leaking of encrypted email subjects to other conversations (CVE-2024-1936)
Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)
Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)
Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)
Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)
Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:1493	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-5388	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0743	REPORT
	https://access.redhat.com/security/cve/CVE-2024-1936	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2607	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2608	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2610	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2611	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2612	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2614	REPORT
	https://bugzilla.redhat.com/2243644	REPORT
	https://bugzilla.redhat.com/2260012	REPORT
	https://bugzilla.redhat.com/2268171	REPORT
	https://bugzilla.redhat.com/2270660	REPORT
	https://bugzilla.redhat.com/2270661	REPORT
	https://bugzilla.redhat.com/2270663	REPORT
	https://bugzilla.redhat.com/2270664	REPORT
	https://bugzilla.redhat.com/2270665	REPORT
	https://bugzilla.redhat.com/2270666	REPORT
	https://errata.almalinux.org/9/ALSA-2024-1493.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.9.0-1.el9_3.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.9.0.\n\nSecurity Fix(es):\n\n* nss: timing attack against RSA decryption (CVE-2023-5388)\n* Mozilla: Crash in NSS TLS method (CVE-2024-0743)\n* Mozilla: Leaking of encrypted email subjects to other conversations  (CVE-2024-1936)\n* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)\n* Mozilla: Integer overflow could have led to out of bounds write\n(CVE-2024-2608)\n* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage\n(CVE-2024-2610)\n* Mozilla: Clickjacking vulnerability could have led to a user accidentally\ngranting permissions (CVE-2024-2611)\n* Mozilla: Self referencing object could have potentially led to a\nuse-after-free (CVE-2024-2612)\n* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and\nThunderbird 115.9 (CVE-2024-2614)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:1493",
  "modified": "2024-04-10T08:56:31Z",
  "published": "2024-03-25T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:1493"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-5388"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0743"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-1936"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2607"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2608"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2610"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2611"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2612"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2614"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2243644"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2260012"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2268171"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270660"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270661"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270663"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270664"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270665"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270666"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-1493.html"
    }
  ],
  "related": [
    "CVE-2023-5388",
    "CVE-2024-0743",
    "CVE-2024-1936",
    "CVE-2024-2607",
    "CVE-2024-2608",
    "CVE-2024-2610",
    "CVE-2024-2611",
    "CVE-2024-2612",
    "CVE-2024-2614"
  ],
  "summary": "Moderate: thunderbird security update"
}

alsa-2024:1494

Vulnerability from osv_almalinux

Published

2024-03-25 00:00

Modified

2024-04-04 14:02

Summary

Moderate: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.9.0.

Security Fix(es):

nss: timing attack against RSA decryption (CVE-2023-5388)
Mozilla: Crash in NSS TLS method (CVE-2024-0743)
Mozilla: Leaking of encrypted email subjects to other conversations (CVE-2024-1936)
Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)
Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)
Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)
Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)
Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:1494	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-5388	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0743	REPORT
	https://access.redhat.com/security/cve/CVE-2024-1936	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2607	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2608	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2610	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2611	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2612	REPORT
	https://access.redhat.com/security/cve/CVE-2024-2614	REPORT
	https://bugzilla.redhat.com/2243644	REPORT
	https://bugzilla.redhat.com/2260012	REPORT
	https://bugzilla.redhat.com/2268171	REPORT
	https://bugzilla.redhat.com/2270660	REPORT
	https://bugzilla.redhat.com/2270661	REPORT
	https://bugzilla.redhat.com/2270663	REPORT
	https://bugzilla.redhat.com/2270664	REPORT
	https://bugzilla.redhat.com/2270665	REPORT
	https://bugzilla.redhat.com/2270666	REPORT
	https://errata.almalinux.org/8/ALSA-2024-1494.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.9.0-1.el8_9.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.9.0.\n\nSecurity Fix(es):\n\n* nss: timing attack against RSA decryption (CVE-2023-5388)\n* Mozilla: Crash in NSS TLS method (CVE-2024-0743)\n* Mozilla: Leaking of encrypted email subjects to other conversations  (CVE-2024-1936)\n* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)\n* Mozilla: Integer overflow could have led to out of bounds write\n(CVE-2024-2608)\n* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage\n(CVE-2024-2610)\n* Mozilla: Clickjacking vulnerability could have led to a user accidentally\ngranting permissions (CVE-2024-2611)\n* Mozilla: Self referencing object could have potentially led to a\nuse-after-free (CVE-2024-2612)\n* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and\nThunderbird 115.9 (CVE-2024-2614)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:1494",
  "modified": "2024-04-04T14:02:37Z",
  "published": "2024-03-25T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:1494"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-5388"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0743"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-1936"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2607"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2608"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2610"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2611"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2612"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2614"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2243644"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2260012"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2268171"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270660"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270661"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270663"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270664"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270665"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270666"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-1494.html"
    }
  ],
  "related": [
    "CVE-2023-5388",
    "CVE-2024-0743",
    "CVE-2024-1936",
    "CVE-2024-2607",
    "CVE-2024-2608",
    "CVE-2024-2610",
    "CVE-2024-2611",
    "CVE-2024-2612",
    "CVE-2024-2614"
  ],
  "summary": "Moderate: thunderbird security update"
}

CNVD-2024-14976

Vulnerability from cnvd - Published: 2024-03-29

Title

多款Mozilla产品点击劫持漏洞（CNVD-2024-14976）

Description

Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox（Web浏览器）的一个延长支持版本。Mozilla Thunderbird是一套从Mozilla Application Suite独立出来的电子邮件客户端软件。多款Mozilla产品存在点击劫持漏洞，该漏洞是由于使用指针锁定时缺少延迟而导致的错误。攻击者可利用该漏洞劫持其他用户的点击操作。

Severity

中

Patch Name

多款Mozilla产品点击劫持漏洞（CNVD-2024-14976）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.mozilla.org/security/advisories/mfsa2024-12/
https://www.mozilla.org/security/advisories/mfsa2024-13/
https://www.mozilla.org/security/advisories/mfsa2024-14/

Reference

https://www.mozilla.org/security/advisories/mfsa2024-12/ https://www.mozilla.org/security/advisories/mfsa2024-13/ https://www.mozilla.org/security/advisories/mfsa2024-14/

Impacted products

Name
['Mozilla Firefox ESR <115.9', 'Mozilla Thunderbird <115.9', 'Mozilla Firefox <124']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-2611",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-2611"
    }
  },
  "description": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox\uff08Web\u6d4f\u89c8\u5668\uff09\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u4e00\u5957\u4eceMozilla Application Suite\u72ec\u7acb\u51fa\u6765\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\n\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u4f7f\u7528\u6307\u9488\u9501\u5b9a\u65f6\u7f3a\u5c11\u5ef6\u8fdf\u800c\u5bfc\u81f4\u7684\u9519\u8bef\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u52ab\u6301\u5176\u4ed6\u7528\u6237\u7684\u70b9\u51fb\u64cd\u4f5c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/security/advisories/mfsa2024-12/ \t\r\nhttps://www.mozilla.org/security/advisories/mfsa2024-13/ \t\r\nhttps://www.mozilla.org/security/advisories/mfsa2024-14/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-14976",
  "openTime": "2024-03-29",
  "patchDescription": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox\uff08Web\u6d4f\u89c8\u5668\uff09\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u4e00\u5957\u4eceMozilla Application Suite\u72ec\u7acb\u51fa\u6765\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u4f7f\u7528\u6307\u9488\u9501\u5b9a\u65f6\u7f3a\u5c11\u5ef6\u8fdf\u800c\u5bfc\u81f4\u7684\u9519\u8bef\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u52ab\u6301\u5176\u4ed6\u7528\u6237\u7684\u70b9\u51fb\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eMozilla\u4ea7\u54c1\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e\uff08CNVD-2024-14976\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox ESR \u003c115.9",
      "Mozilla Thunderbird \u003c115.9",
      "Mozilla Firefox \u003c124"
    ]
  },
  "referenceLink": "https://www.mozilla.org/security/advisories/mfsa2024-12/ \t\r\nhttps://www.mozilla.org/security/advisories/mfsa2024-13/ \t\r\nhttps://www.mozilla.org/security/advisories/mfsa2024-14/",
  "serverity": "\u4e2d",
  "submitTime": "2024-03-21",
  "title": "\u591a\u6b3eMozilla\u4ea7\u54c1\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e\uff08CNVD-2024-14976\uff09"
}

FKIE_CVE-2024-2611

Vulnerability from fkie_nvd - Published: 2024-03-19 12:15 - Updated: 2025-04-01 16:26

Severity ?

5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Summary

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1876675	Exploit, Issue Tracking, Vendor Advisory
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html	Mailing List
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html	Mailing List
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2024-12/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2024-13/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2024-14/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1876675	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2024-12/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2024-13/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2024-14/	Vendor Advisory

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox	*
mozilla	thunderbird	*
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
              "matchCriteriaId": "786CED5B-06E5-4CE6-A5FC-AAE9FA4BEB69",
              "versionEndExcluding": "115.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "AA5A5703-41D3-40FB-835D-19DDCAFF384B",
              "versionEndExcluding": "124.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C598683E-0064-4D4D-B6BF-922DB1BF160D",
              "versionEndExcluding": "115.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9."
    },
    {
      "lang": "es",
      "value": "Una demora faltante en el momento en que se us\u00f3 el bloqueo del puntero podr\u00eda haber permitido que una p\u00e1gina maliciosa enga\u00f1ara a un usuario para que otorgara permisos. Esta vulnerabilidad afecta a Firefox \u0026lt; 124, Firefox ESR \u0026lt; 115.9 y Thunderbird \u0026lt; 115.9."
    }
  ],
  "id": "CVE-2024-2611",
  "lastModified": "2025-04-01T16:26:40.040",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-03-19T12:15:09.007",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1876675"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1876675"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-63P7-87M3-8C9V

Vulnerability from github – Published: 2024-03-19 12:30 – Updated: 2024-10-30 21:30

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-2611"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-19T12:15:09Z",
    "severity": "MODERATE"
  },
  "details": "A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.",
  "id": "GHSA-63p7-87m3-8c9v",
  "modified": "2024-10-30T21:30:37Z",
  "published": "2024-03-19T12:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2611"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1876675"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-12"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-13"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2024-2611

Vulnerability from gsd - Updated: 2024-04-02 05:02

Details

Aliases

CVE-2024-2611

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-2611"
      ],
      "details": "A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.",
      "id": "GSD-2024-2611",
      "modified": "2024-04-02T05:02:53.328894Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2024-2611",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "124"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "115.9"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "115.9"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Hafiizh"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Clickjacking vulnerability could have led to a user accidentally granting permissions"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1876675",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1876675"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2024-12/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2024-13/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9."
          },
          {
            "lang": "es",
            "value": "Una demora faltante en el momento en que se us\u00f3 el bloqueo del puntero podr\u00eda haber permitido que una p\u00e1gina maliciosa enga\u00f1ara a un usuario para que otorgara permisos. Esta vulnerabilidad afecta a Firefox \u0026lt; 124, Firefox ESR \u0026lt; 115.9 y Thunderbird \u0026lt; 115.9."
          }
        ],
        "id": "CVE-2024-2611",
        "lastModified": "2024-03-25T17:15:51.880",
        "metrics": {},
        "published": "2024-03-19T12:15:09.007",
        "references": [
          {
            "source": "security@mozilla.org",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1876675"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/"
          }
        ],
        "sourceIdentifier": "security@mozilla.org",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-2611 (GCVE-0-2024-2611)

Solution

Solution

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature