Search for vulnerabilities
Vulnerability details: VCID-19eb-p7bt-aaac
Vulnerability ID VCID-19eb-p7bt-aaac
Aliases CVE-2024-2611
Summary A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-449 The UI Performs the Wrong Action
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2611.json
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00162 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00162 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00162 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00261 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00261 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00261 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00261 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00261 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00261 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00261 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00261 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00261 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00366 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00366 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00653 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00653 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00653 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00653 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00653 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00653 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00653 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00653 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00653 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00653 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00653 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.00653 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
epss 0.01176 https://api.first.org/data/v1/epss?cve=CVE-2024-2611
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-12
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-13
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-14
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2611.json
https://api.first.org/data/v1/epss?cve=CVE-2024-2611
https://bugzilla.mozilla.org/show_bug.cgi?id=1876675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2608
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2616
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html
https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html
https://www.mozilla.org/security/advisories/mfsa2024-12/
https://www.mozilla.org/security/advisories/mfsa2024-13/
https://www.mozilla.org/security/advisories/mfsa2024-14/
2270664 https://bugzilla.redhat.com/show_bug.cgi?id=2270664
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVE-2024-2611 https://nvd.nist.gov/vuln/detail/CVE-2024-2611
mfsa2024-12 https://www.mozilla.org/en-US/security/advisories/mfsa2024-12
mfsa2024-13 https://www.mozilla.org/en-US/security/advisories/mfsa2024-13
mfsa2024-14 https://www.mozilla.org/en-US/security/advisories/mfsa2024-14
RHSA-2024:1483 https://access.redhat.com/errata/RHSA-2024:1483
RHSA-2024:1484 https://access.redhat.com/errata/RHSA-2024:1484
RHSA-2024:1485 https://access.redhat.com/errata/RHSA-2024:1485
RHSA-2024:1486 https://access.redhat.com/errata/RHSA-2024:1486
RHSA-2024:1487 https://access.redhat.com/errata/RHSA-2024:1487
RHSA-2024:1488 https://access.redhat.com/errata/RHSA-2024:1488
RHSA-2024:1489 https://access.redhat.com/errata/RHSA-2024:1489
RHSA-2024:1490 https://access.redhat.com/errata/RHSA-2024:1490
RHSA-2024:1491 https://access.redhat.com/errata/RHSA-2024:1491
RHSA-2024:1492 https://access.redhat.com/errata/RHSA-2024:1492
RHSA-2024:1493 https://access.redhat.com/errata/RHSA-2024:1493
RHSA-2024:1494 https://access.redhat.com/errata/RHSA-2024:1494
RHSA-2024:1495 https://access.redhat.com/errata/RHSA-2024:1495
RHSA-2024:1496 https://access.redhat.com/errata/RHSA-2024:1496
RHSA-2024:1497 https://access.redhat.com/errata/RHSA-2024:1497
RHSA-2024:1498 https://access.redhat.com/errata/RHSA-2024:1498
RHSA-2024:1499 https://access.redhat.com/errata/RHSA-2024:1499
RHSA-2024:1500 https://access.redhat.com/errata/RHSA-2024:1500
USN-6703-1 https://usn.ubuntu.com/6703-1/
USN-6717-1 https://usn.ubuntu.com/6717-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2611.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.11214
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:18:52.774424+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-2611 34.0.0rc4