CVE-2024-7523UI Misrepresentation / Clickjacking in Mozilla Firefox

CWE-1021UI Misrepresentation / Clickjacking6 documents6 sources
Severity
8.1HIGHNVD
EPSS
0.1%
top 69.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedAug 6

Description

A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 129.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

CVEListV5mozilla/firefoxunspecified129
NVDmozilla/firefox< 129
Ubuntumozilla/firefox< 129.0.1+build1-0ubuntu0.20.04.1

🔴Vulnerability Details

3
GHSA
GHSA-w3xp-69rr-q6gw: A select option could partially obscure security prompts2024-08-06
CVEList
CVE-2024-7523: A select option could partially obscure security prompts2024-08-06
OSV
CVE-2024-7523: A select option could partially obscure security prompts2024-08-06

📋Vendor Advisories

2
Debian
CVE-2024-7523: firefox - A select option could partially obscure security prompts. This could be used by ...2024
Mozilla
Mozilla Foundation Security Advisory 2024-33: CVE-2024-7523
CVE-2024-7523 — UI Misrepresentation / Clickjacking | cvebase