CVE-2024-7518

{"id": "CVE-2024-7518", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-08-06T13:15:56.970", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875354", "tags": ["Issue Tracking"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-33/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-35/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-37/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1021"}]}], "descriptions": [{"lang": "en", "value": "Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1."}, {"lang": "es", "value": "Las opciones seleccionadas podr\u00edan oscurecer el cuadro de di\u00e1logo de notificaci\u00f3n en pantalla completa. Esto podr\u00eda ser utilizado por un sitio malicioso para realizar un ataque de suplantaci\u00f3n de identidad. Esta vulnerabilidad afecta a Firefox &lt; 129, Firefox ESR &lt; 128.1 y Thunderbird &lt; 128.1."}], "lastModified": "2024-10-29T20:35:43.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E096FE78-91CC-4F06-A87A-226CDEBD483C", "versionEndExcluding": "129"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32A0E6D7-D4FF-448F-A55B-E63A5DDFA8DD", "versionEndExcluding": "128.1"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6FF3091-7DD4-4265-8F19-A64EB03831ED", "versionEndExcluding": "128.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}