Vulnerability CVE-2024-0742: Information

Description

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-0742
Published: Jan. 23, 2024
Modified: Feb. 2, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus122.0-alt1125.0.2-alt1ALT-PU-2024-1368-1338897Fixed
firefoxsisyphus_riscv64122.0.1-alt0.port124.0.1-alt0.portALT-PU-2024-2222-1-Fixed
firefoxsisyphus_loongarch64123.0-alt1.0.port125.0.1-alt1.0.portALT-PU-2024-3000-1-Fixed
firefox-esrsisyphus115.7.0-alt1115.10.0-alt1ALT-PU-2024-1783-2339728Fixed
firefox-esrsisyphus_loongarch64115.7.0-alt2115.10.0-alt1ALT-PU-2024-1967-1-Fixed
firefox-esrp10115.7.0-alt1115.10.0-alt1ALT-PU-2024-1792-2339729Fixed
firefox-esrc10f1115.8.0-alt0.c10.1115.9.1-alt0.c10.1ALT-PU-2024-3614-2340631Fixed
thunderbirdsisyphus115.7.0-alt1115.9.0-alt1ALT-PU-2024-1788-2339732Fixed
thunderbirdsisyphus_loongarch64115.7.0-alt1115.9.0-alt1ALT-PU-2024-1802-1-Fixed
thunderbirdp10115.8.1-alt1115.9.0-alt1ALT-PU-2024-3860-2342581Fixed
thunderbirdc10f1115.8.1-alt0.c10.1115.9.0-alt0.c10.1ALT-PU-2024-4748-2343092Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1867152
  • Issue Tracking
  • Permissions Required
https://www.mozilla.org/security/advisories/mfsa2024-01/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-02/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-04/
  • Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
  • Mailing List
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
  • Mailing List
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excliding
      122.0
      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excliding
      115.7
      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      End excliding
      115.7

      Configuration 2

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top