CVE-2024-0750

high

Published 2024-01-30 · Modified 2024-01-30

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.0

Description

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description Mozilla: Potential permissions request bypass via clickjacking Red Hat statement Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux…

Description

Mozilla: Potential permissions request bypass via clickjacking

Red Hat statement

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 7	`firefox-0:115.7.0-1.el7_9`	RHSA-2024:0600	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 7	`thunderbird-0:115.7.0-1.el7_9`	RHSA-2024:0601	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8	`firefox-0:115.7.0-1.el8_9`	RHSA-2024:0608	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8	`thunderbird-0:115.7.0-1.el8_9`	RHSA-2024:0609	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support	`firefox-0:115.7.0-1.el8_2`	RHSA-2024:0618	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support	`thunderbird-0:115.7.0-1.el8_2`	RHSA-2024:0619	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service	`firefox-0:115.7.0-1.el8_2`	RHSA-2024:0618	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service	`thunderbird-0:115.7.0-1.el8_2`	RHSA-2024:0619	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	`firefox-0:115.7.0-1.el8_2`	RHSA-2024:0618	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	`thunderbird-0:115.7.0-1.el8_2`	RHSA-2024:0619	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	`firefox-0:115.7.0-1.el8_4`	RHSA-2024:0559	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	`thunderbird-0:115.7.0-1.el8_4`	RHSA-2024:0565	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service	`firefox-0:115.7.0-1.el8_4`	RHSA-2024:0559	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service	`thunderbird-0:115.7.0-1.el8_4`	RHSA-2024:0565	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	`firefox-0:115.7.0-1.el8_4`	RHSA-2024:0559	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	`thunderbird-0:115.7.0-1.el8_4`	RHSA-2024:0565	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support	`firefox-0:115.7.0-1.el8_6`	RHSA-2024:0622	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support	`thunderbird-0:115.7.0-1.el8_6`	RHSA-2024:0623	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support	`firefox-0:115.7.0-1.el8_8`	RHSA-2024:0596	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support	`thunderbird-0:115.7.0-1.el8_8`	RHSA-2024:0598	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9	`thunderbird-0:115.7.0-1.el9_3`	RHSA-2024:0602	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9	`firefox-0:115.7.0-1.el9_3`	RHSA-2024:0603	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support	`firefox-0:115.7.0-1.el9_0`	RHSA-2024:0615	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support	`thunderbird-0:115.7.0-1.el9_0`	RHSA-2024:0616	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support	`firefox-0:115.7.0-1.el9_2`	RHSA-2024:0604	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support	`thunderbird-0:115.7.0-1.el9_2`	RHSA-2024:0605	2024-01-30T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 6	`firefox`	Out of support scope
Red Hat Enterprise Linux 6	`thunderbird`	Out of support scope

Apply commands

bash fix

Apply RHSA-2024:0600 for Red Hat Enterprise Linux 7

yum update -y firefox
# or:
dnf upgrade -y firefox

OS impact

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`115.7.0esr-1`
sid	Fixed	`122.0-1`
forky	Fixed	`115.7.0esr-1`
bullseye	Fixed	`115.7.0esr-1~deb11u1`
bookworm	Fixed	`115.7.0esr-1~deb12u1`

Red Hat Fixed 2 releases

Version	Status	Fixed in
9	Fixed	—
8	Fixed	—

Rocky Linux Fixed 1 release

Version	Status	Fixed in
8	Fixed	—

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.