CVE-2024-4768Improper Preservation of Permissions in Mozilla Firefox

CWE-281Improper Preservation of PermissionsCWE-451User Interface (UI) Misrepresentation of Critical Information14 documents8 sources
Severity
6.1MEDIUMNVD
OSV8.8
EPSS
0.7%
top 27.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+1 more
Timeline
PublishedMay 14
Latest updateMay 29

Description

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages8 packages

CVEListV5mozilla/firefoxunspecified126
NVDmozilla/firefox< 115.11.0+1
CVEListV5mozilla/firefox_esrunspecified115.11
Ubuntumozilla/firefox< 126.0+build2-0ubuntu0.20.04.1+1
CVEListV5mozilla/thunderbirdunspecified115.11

Also affects: Debian Linux 10.0

🔴Vulnerability Details

6
OSV
firefox regressions2024-05-29
OSV
thunderbird vulnerabilities2024-05-22
OSV
firefox vulnerabilities2024-05-21
OSV
CVE-2024-4768: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions2024-05-14
CVEList
CVE-2024-4768: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions2024-05-14

📋Vendor Advisories

7
Ubuntu
Thunderbird vulnerabilities2024-05-22
Ubuntu
Firefox vulnerabilities2024-05-21
Red Hat
Mozilla: Potential permissions request bypass via clickjacking2024-05-14
Debian
CVE-2024-4768: firefox - A bug in popup notifications' interaction with WebAuthn made it easier for an at...2024
Mozilla
Mozilla Foundation Security Advisory 2024-23: CVE-2024-4768
CVE-2024-4768 — Improper Preservation of Permissions | cvebase