CVE-2024-7523

A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 129.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1908344	Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2024-33/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*

History

30 Aug 2024, 12:59

Type	Values Removed	Values Added
CWE	~~CWE-1021~~	NVD-CWE-Other

29 Aug 2024, 17:41

Type	Values Removed	Values Added
First Time		Mozilla Mozilla firefox
Summary		(es) Una opción seleccionada podría ocultar parcialmente las indicaciones de seguridad. Esto podría ser utilizado por un sitio malicioso para engañar a un usuario para que conceda permisos. Este problema solo afecta a las versiones de Firefox para Android. Esta vulnerabilidad afecta a Firefox < 129.
CWE		CWE-1021
CPE		cpe:2.3:a:mozilla:firefox::::::android::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1908344 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1908344 - Issue Tracking, Permissions Required
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-33/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-33/ - Vendor Advisory

06 Aug 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-06 13:15

Updated : 2024-10-30 20:35

NVD link : CVE-2024-7523

Mitre link : CVE-2024-7523

CVE.ORG link : CVE-2024-7523

JSON object : View

Products Affected

mozilla

firefox

CWE

NVD-CWE-Other

{"id": "CVE-2024-7523", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2024-08-06T13:15:57.297", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1908344", "tags": ["Issue Tracking", "Permissions Required"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-33/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. \n*This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 129."}, {"lang": "es", "value": "Una opci\u00f3n seleccionada podr\u00eda ocultar parcialmente las indicaciones de seguridad. Esto podr\u00eda ser utilizado por un sitio malicioso para enga\u00f1ar a un usuario para que conceda permisos. *Este problema solo afecta a las versiones de Firefox para Android.* Esta vulnerabilidad afecta a Firefox < 129."}], "lastModified": "2024-10-30T20:35:40.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "5B4557B2-3B2F-4640-865C-8D61337D5BA0", "versionEndExcluding": "129"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}