VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-dus9-fvhj-mybk

Essentials
Severities (96)
References (39)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-dus9-fvhj-mybk
Aliases	CVE-2024-11692
Summary	An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-451

User Interface (UI) Misrepresentation of Critical Information

System	Score	Found at
cvssv3	5.4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11692.json
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
epss	0.00288	https://api.first.org/data/v1/epss?cve=CVE-2024-11692
cvssv3.1	4.3	https://bugzilla.mozilla.org/show_bug.cgi?id=1909535
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1909535
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-63
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-64
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-67
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-68
cvssv3.1	4.3	https://www.mozilla.org/security/advisories/mfsa2024-63/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-63/
cvssv3.1	4.3	https://www.mozilla.org/security/advisories/mfsa2024-64/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-64/
cvssv3.1	4.3	https://www.mozilla.org/security/advisories/mfsa2024-67/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-67/
cvssv3.1	4.3	https://www.mozilla.org/security/advisories/mfsa2024-68/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-68/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11692.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-11692
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11692
2328946		https://bugzilla.redhat.com/show_bug.cgi?id=2328946
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox:::::esr:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::esr:::*
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2024-11692		https://nvd.nist.gov/vuln/detail/CVE-2024-11692
GLSA-202501-10		https://security.gentoo.org/glsa/202501-10
GLSA-202505-03		https://security.gentoo.org/glsa/202505-03
mfsa2024-63		https://www.mozilla.org/en-US/security/advisories/mfsa2024-63
mfsa2024-63		https://www.mozilla.org/security/advisories/mfsa2024-63/
mfsa2024-64		https://www.mozilla.org/en-US/security/advisories/mfsa2024-64
mfsa2024-64		https://www.mozilla.org/security/advisories/mfsa2024-64/
mfsa2024-67		https://www.mozilla.org/en-US/security/advisories/mfsa2024-67
mfsa2024-67		https://www.mozilla.org/security/advisories/mfsa2024-67/
mfsa2024-68		https://www.mozilla.org/en-US/security/advisories/mfsa2024-68
mfsa2024-68		https://www.mozilla.org/security/advisories/mfsa2024-68/
RHSA-2024:10591		https://access.redhat.com/errata/RHSA-2024:10591
RHSA-2024:10592		https://access.redhat.com/errata/RHSA-2024:10592
RHSA-2024:10667		https://access.redhat.com/errata/RHSA-2024:10667
RHSA-2024:10702		https://access.redhat.com/errata/RHSA-2024:10702
RHSA-2024:10703		https://access.redhat.com/errata/RHSA-2024:10703
RHSA-2024:10704		https://access.redhat.com/errata/RHSA-2024:10704
RHSA-2024:10710		https://access.redhat.com/errata/RHSA-2024:10710
RHSA-2024:10733		https://access.redhat.com/errata/RHSA-2024:10733
RHSA-2024:10734		https://access.redhat.com/errata/RHSA-2024:10734
RHSA-2024:10742		https://access.redhat.com/errata/RHSA-2024:10742
RHSA-2024:10743		https://access.redhat.com/errata/RHSA-2024:10743
RHSA-2024:10745		https://access.redhat.com/errata/RHSA-2024:10745
RHSA-2024:10748		https://access.redhat.com/errata/RHSA-2024:10748
RHSA-2024:10752		https://access.redhat.com/errata/RHSA-2024:10752
RHSA-2024:10844		https://access.redhat.com/errata/RHSA-2024:10844
RHSA-2024:10848		https://access.redhat.com/errata/RHSA-2024:10848
RHSA-2024:10849		https://access.redhat.com/errata/RHSA-2024:10849
RHSA-2024:10880		https://access.redhat.com/errata/RHSA-2024:10880
RHSA-2024:10881		https://access.redhat.com/errata/RHSA-2024:10881
show_bug.cgi?id=1909535		https://bugzilla.mozilla.org/show_bug.cgi?id=1909535
USN-7134-1		https://usn.ubuntu.com/7134-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11692.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1909535

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:45:17Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1909535

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-63/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:45:17Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-63/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-64/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:45:17Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-64/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-67/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:45:17Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-67/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-68/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:45:17Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-68/

Exploit Prediction Scoring System (EPSS)

Percentile	0.17226
EPSS Score	0.00045
Published At	Nov. 28, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-11-26T20:11:41.396749+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-67.yml	35.0.0