Search for vulnerabilities
Vulnerability details: VCID-bps2-52mg-aaae
Vulnerability ID VCID-bps2-52mg-aaae
Aliases CVE-2024-0747
Summary When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-1021 Improper Restriction of Rendered UI Layers or Frames
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0747.json
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.00642 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
epss 0.01701 https://api.first.org/data/v1/epss?cve=CVE-2024-0747
cvssv3.1 6.5 https://bugzilla.mozilla.org/show_bug.cgi?id=1764343
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1764343
cvssv3.1 6.5 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
cvssv3.1 6.5 https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2024-0747
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2024-0747
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-01
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-02
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-04
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2024-01/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-01/
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2024-02/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-02/
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2024-04/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-04/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0747.json
https://api.first.org/data/v1/epss?cve=CVE-2024-0747
https://bugzilla.mozilla.org/show_bug.cgi?id=1764343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0755
https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
https://www.mozilla.org/security/advisories/mfsa2024-01/
https://www.mozilla.org/security/advisories/mfsa2024-02/
https://www.mozilla.org/security/advisories/mfsa2024-04/
2259929 https://bugzilla.redhat.com/show_bug.cgi?id=2259929
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVE-2024-0747 https://nvd.nist.gov/vuln/detail/CVE-2024-0747
GLSA-202402-25 https://security.gentoo.org/glsa/202402-25
GLSA-202402-26 https://security.gentoo.org/glsa/202402-26
mfsa2024-01 https://www.mozilla.org/en-US/security/advisories/mfsa2024-01
mfsa2024-02 https://www.mozilla.org/en-US/security/advisories/mfsa2024-02
mfsa2024-04 https://www.mozilla.org/en-US/security/advisories/mfsa2024-04
RHSA-2024:0559 https://access.redhat.com/errata/RHSA-2024:0559
RHSA-2024:0565 https://access.redhat.com/errata/RHSA-2024:0565
RHSA-2024:0596 https://access.redhat.com/errata/RHSA-2024:0596
RHSA-2024:0598 https://access.redhat.com/errata/RHSA-2024:0598
RHSA-2024:0600 https://access.redhat.com/errata/RHSA-2024:0600
RHSA-2024:0601 https://access.redhat.com/errata/RHSA-2024:0601
RHSA-2024:0602 https://access.redhat.com/errata/RHSA-2024:0602
RHSA-2024:0603 https://access.redhat.com/errata/RHSA-2024:0603
RHSA-2024:0604 https://access.redhat.com/errata/RHSA-2024:0604
RHSA-2024:0605 https://access.redhat.com/errata/RHSA-2024:0605
RHSA-2024:0608 https://access.redhat.com/errata/RHSA-2024:0608
RHSA-2024:0609 https://access.redhat.com/errata/RHSA-2024:0609
RHSA-2024:0615 https://access.redhat.com/errata/RHSA-2024:0615
RHSA-2024:0616 https://access.redhat.com/errata/RHSA-2024:0616
RHSA-2024:0618 https://access.redhat.com/errata/RHSA-2024:0618
RHSA-2024:0619 https://access.redhat.com/errata/RHSA-2024:0619
RHSA-2024:0622 https://access.redhat.com/errata/RHSA-2024:0622
RHSA-2024:0623 https://access.redhat.com/errata/RHSA-2024:0623
USN-6610-1 https://usn.ubuntu.com/6610-1/
USN-6669-1 https://usn.ubuntu.com/6669-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0747.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1764343
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T20:11:17Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1764343
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T20:11:17Z/ Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T20:11:17Z/ Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0747
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0747
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-01/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T20:11:17Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-01/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-02/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T20:11:17Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-02/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-04/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T20:11:17Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-04/
Exploit Prediction Scoring System (EPSS)
Percentile 0.24197
EPSS Score 0.00056
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-01-23T14:51:12.933628+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-04.yml 34.0.0rc2