CVE-2024-0742 — UI Misrepresentation / Clickjacking in Mozilla Firefox

CWE-1021 — UI Misrepresentation / Clickjacking14 documents8 sources

Severity

4.3MEDIUMNVD

OSV6.5

EPSS

1.8%

top 17.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird +1 more

Timeline

PublishedJan 23

Latest updateMar 4

Description

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages9 packages

▶CVEListV5mozilla/firefoxunspecified — 122

▶NVDmozilla/firefox< 122.0

▶CVEListV5mozilla/firefox_esrunspecified — 115.7

▶NVDmozilla/firefox_esr< 115.7

▶Ubuntumozilla/firefox< 122.0.1+build1-0ubuntu0.20.04.1+1

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

thunderbird vulnerabilities↗2024-03-04

▶

OSV

firefox regressions↗2024-02-07

▶

OSV

firefox vulnerabilities↗2024-01-29

▶

OSV

CVE-2024-0742: It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to↗2024-01-23

▶

GHSA

GHSA-gpvq-2fxv-3pgq: It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to↗2024-01-23

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2024-03-04

▶

Ubuntu

Firefox vulnerabilities↗2024-01-29

▶

Red Hat

Mozilla: Failure to update user input timestamp↗2024-01-23

▶

Debian

CVE-2024-0742: firefox - It was possible for certain browser prompts and dialogs to be activated or dismi...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-04: CVE-2024-0742↗

▶