CVE-2024-10004

CWE-1021 Clickjacking | 6 documents | 6 sources
Severity: 9.1 CRITICAL
EPSS: 0.3% (top 44.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 15 | Latest update Oct 16

Description

Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly. This vulnerability affects Firefox for iOS < 131.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 | Impact: 5.2

Affected Packages (2 packages)

NVD: mozilla/firefox < 131.2.0
CVEListV5: mozilla/firefox_for_ios unspecified 131.2

🔴 Vulnerability Details (3)

GHSA
GHSA-wh67-cc45-g7cf: Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock | 2024-10-16
CVEList
CVE-2024-10004: Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock | 2024-10-15
OSV
CVE-2024-10004: Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock | 2024-10-15

📋 Vendor Advisories (2)

Debian
CVE-2024-10004: firefox - Opening an external link to an HTTP website when Firefox iOS was previously clos... | 2024
Mozilla
Mozilla Foundation Security Advisory 2024-54: CVE-2024-10004