Lucene search

K

Veracode Vulnerability DatabaseVERACODE:45316

HistoryFeb 03, 2024 - 3:06 a.m.

Click Jacking

2024-02-0303:06:51

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

15

click jacking

firefox

vulnerability

popup notifications

delay bug

attacker

permissions

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

30.3%

Firefox is vulnerable to Click Jacking. The vulnerability is caused due to a bug in popup notifications delay calculation. This can make it possible for an attacker to trick a user into granting permissions.

References

bugzilla.mozilla.org/show_bug.cgi?id=1863083

lists.debian.org/debian-lts-announce/2024/01/msg00015.html

lists.debian.org/debian-lts-announce/2024/01/msg00022.html

security-tracker.debian.org/tracker/CVE-2024-0750

www.mozilla.org/security/advisories/mfsa2024-01/

www.mozilla.org/security/advisories/mfsa2024-02/

www.mozilla.org/security/advisories/mfsa2024-04/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

30.3%

Related for VERACODE:45316