CVE-2024-0749 — Origin Validation Error in Mozilla

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	firefox	< firefox 122.0-1 (sid)	firefox 122.0-1 (sid)
debian	firefox-esr	< firefox 122.0-1 (sid)	firefox 122.0-1 (sid)
debian	thunderbird	< firefox 122.0-1 (sid)	firefox 122.0-1 (sid)
mozilla	firefox	< 122.0	122.0
mozilla	firefox	—	—
mozilla	firefox	>= 0 < 122.0.1+build1-0ubuntu0.20.04.1	122.0.1+build1-0ubuntu0.20.04.1
mozilla	firefox	>= 0 < 122.0+build2-0ubuntu0.20.04.1	122.0+build2-0ubuntu0.20.04.1
mozilla	firefox	>= unspecified < 122	122
mozilla	firefox_esr	< 115.7	115.7
mozilla	thunderbird	< 115.7	115.7
mozilla	thunderbird	>= 0 < 1:115.7.0-1~deb11u1	1:115.7.0-1~deb11u1
mozilla	thunderbird	>= 0 < 1:115.7.0-1~deb12u1	1:115.7.0-1~deb12u1
mozilla	thunderbird	>= 0 < 1:115.7.0-1	1:115.7.0-1
mozilla	thunderbird	>= 0 < 1:115.7.0-1	1:115.7.0-1
mozilla	thunderbird	>= 0 < 1:115.8.1+build1-0ubuntu0.20.04.1	1:115.8.1+build1-0ubuntu0.20.04.1
mozilla	thunderbird	>= 0 < 1:115.8.1+build1-0ubuntu0.22.04.1	1:115.8.1+build1-0ubuntu0.22.04.1
mozilla	thunderbird	>= unspecified < 115.7	115.7

Ubuntu

Thunderbird vulnerabilities

vendor_ubuntu·2024-03-04·CVSS 6.5

CVE-2024-0747 [MEDIUM] Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-0741, CVE-2024-0742, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1553, CVE-2024-1936) Cornel Ionce discovered that Thunderbird did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cau

Ubuntu

Firefox regressions

vendor_ubuntu·2024-02-07·CVSS 6.5

[MEDIUM] Firefox regressions Title: Firefox regressions Summary: USN-6610-1 caused some minor regressions in Firefox. USN-6610-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747, CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0754, CVE-2024-0755) Cornel Ionce discovered that Firefox did not properly manage memory when opening the print pre

Ubuntu

Firefox vulnerabilities

vendor_ubuntu·2024-01-29·CVSS 6.5

CVE-2024-0745 [MEDIUM] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747, CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0754, CVE-2024-0755) Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-0746) Instructions: After a standard system update yo

Red Hat

Mozilla: Phishing site popup could show local origin in address bar

vendor_redhat·2024-01-23·CVSS 4.3

CVE-2024-0749 [MEDIUM] CWE-1021 Mozilla: Phishing site popup could show local origin in address bar Mozilla: Phishing site popup could show local origin in address bar A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7. The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope

Debian

CVE-2024-0749: firefox - A phishing site could have repurposed an `about:` dialog to show phishing conten...

vendor_debian·2024·CVSS 4.3

CVE-2024-0749 [MEDIUM] CVE-2024-0749: firefox - A phishing site could have repurposed an `about:` dialog to show phishing conten... A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7. Scope: local sid: resolved (fixed in 122.0-1)

Mozilla

Mozilla Foundation Security Advisory 2024-04: CVE-2024-0749

vendor_mozilla·CVSS 4.3

CVE-2024-0749 [MEDIUM] Mozilla Foundation Security Advisory 2024-04: CVE-2024-0749 Mozilla Foundation Security Advisory 2024-04 CVE: CVE-2024-0749 Product: Thunderbird Impact: moderate Fixed in: Thunderbird 115.7

Mozilla

Mozilla Foundation Security Advisory 2024-02: CVE-2024-0749

vendor_mozilla·CVSS 4.3

CVE-2024-0749 [MEDIUM] Mozilla Foundation Security Advisory 2024-02: CVE-2024-0749 Mozilla Foundation Security Advisory 2024-02 CVE: CVE-2024-0749 Product: Firefox ESR Impact: moderate Fixed in: Firefox ESR 115.7

Mozilla

Mozilla Foundation Security Advisory 2024-01: CVE-2024-0749

vendor_mozilla·CVSS 4.3

CVE-2024-0749 [MEDIUM] Mozilla Foundation Security Advisory 2024-01: CVE-2024-0749 Mozilla Foundation Security Advisory 2024-01 CVE: CVE-2024-0749 Product: Firefox Impact: moderate Fixed in: Firefox 122

OSV

thunderbird vulnerabilities

osv·2024-03-04·CVSS 6.5

CVE-2024-0741 [MEDIUM] thunderbird vulnerabilities thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-0741, CVE-2024-0742, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1553, CVE-2024-1936) Cornel Ionce discovered that Thunderbird did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-0746) Alfred Peters discovered th

OSV

firefox regressions

osv·2024-02-07·CVSS 6.5

CVE-2024-0741 [MEDIUM] firefox regressions firefox regressions USN-6610-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747, CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0754, CVE-2024-0755) Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause

OSV

firefox vulnerabilities

osv·2024-01-29·CVSS 6.5

CVE-2024-0741 [MEDIUM] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747, CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0754, CVE-2024-0755) Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-0746)

OSV

CVE-2024-0749: A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar

osv·2024-01-23·CVSS 4.3

CVE-2024-0749 [MEDIUM] CVE-2024-0749: A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.

GHSA

GHSA-3568-h36m-7jmf: A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar

ghsa_unreviewed·2024-01-23

CVE-2024-0749 [MEDIUM] CWE-346 GHSA-3568-h36m-7jmf: A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

CVE-2024-0749: A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects…

Affected

CVSS provenance