6.5

CVE-2024-7518

Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 129
MozillaFirefox ESR Version < 128.1
MozillaThunderbird Version < 128.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.48% 0.376
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE-1021 Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

https://bugzilla.mozilla.org/show_bug.cgi?id=1875354
Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-33/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-35/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-37/
Vendor Advisory