VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-fthb-kssx-aaas

Essentials
Severities (95)
References (48)
Severity details (18)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-fthb-kssx-aaas
Aliases	CVE-2024-0742
Summary	It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-1021

Improper Restriction of Rendered UI Layers or Frames

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0742.json
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00053	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.0101	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.01259	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.01366	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
epss	0.01366	https://api.first.org/data/v1/epss?cve=CVE-2024-0742
cvssv3.1	4.3	https://bugzilla.mozilla.org/show_bug.cgi?id=1867152
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1867152
cvssv3.1	4.3	https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
cvssv3.1	4.3	https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
cvssv3	4.3	https://nvd.nist.gov/vuln/detail/CVE-2024-0742
cvssv3.1	4.3	https://nvd.nist.gov/vuln/detail/CVE-2024-0742
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-01
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-02
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-04
cvssv3.1	4.3	https://www.mozilla.org/security/advisories/mfsa2024-01/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-01/
cvssv3.1	4.3	https://www.mozilla.org/security/advisories/mfsa2024-02/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-02/
cvssv3.1	4.3	https://www.mozilla.org/security/advisories/mfsa2024-04/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-04/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0742.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-0742
		https://bugzilla.mozilla.org/show_bug.cgi?id=1867152
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0741
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0742
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0746
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0747
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0749
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0750
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0751
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0753
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0755
		https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
		https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
		https://www.mozilla.org/security/advisories/mfsa2024-01/
		https://www.mozilla.org/security/advisories/mfsa2024-02/
		https://www.mozilla.org/security/advisories/mfsa2024-04/
2259927		https://bugzilla.redhat.com/show_bug.cgi?id=2259927
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2024-0742		https://nvd.nist.gov/vuln/detail/CVE-2024-0742
GLSA-202402-25		https://security.gentoo.org/glsa/202402-25
GLSA-202402-26		https://security.gentoo.org/glsa/202402-26
mfsa2024-01		https://www.mozilla.org/en-US/security/advisories/mfsa2024-01
mfsa2024-02		https://www.mozilla.org/en-US/security/advisories/mfsa2024-02
mfsa2024-04		https://www.mozilla.org/en-US/security/advisories/mfsa2024-04
RHSA-2024:0559		https://access.redhat.com/errata/RHSA-2024:0559
RHSA-2024:0565		https://access.redhat.com/errata/RHSA-2024:0565
RHSA-2024:0596		https://access.redhat.com/errata/RHSA-2024:0596
RHSA-2024:0598		https://access.redhat.com/errata/RHSA-2024:0598
RHSA-2024:0600		https://access.redhat.com/errata/RHSA-2024:0600
RHSA-2024:0601		https://access.redhat.com/errata/RHSA-2024:0601
RHSA-2024:0602		https://access.redhat.com/errata/RHSA-2024:0602
RHSA-2024:0603		https://access.redhat.com/errata/RHSA-2024:0603
RHSA-2024:0604		https://access.redhat.com/errata/RHSA-2024:0604
RHSA-2024:0605		https://access.redhat.com/errata/RHSA-2024:0605
RHSA-2024:0608		https://access.redhat.com/errata/RHSA-2024:0608
RHSA-2024:0609		https://access.redhat.com/errata/RHSA-2024:0609
RHSA-2024:0615		https://access.redhat.com/errata/RHSA-2024:0615
RHSA-2024:0616		https://access.redhat.com/errata/RHSA-2024:0616
RHSA-2024:0618		https://access.redhat.com/errata/RHSA-2024:0618
RHSA-2024:0619		https://access.redhat.com/errata/RHSA-2024:0619
RHSA-2024:0622		https://access.redhat.com/errata/RHSA-2024:0622
RHSA-2024:0623		https://access.redhat.com/errata/RHSA-2024:0623
USN-6610-1		https://usn.ubuntu.com/6610-1/
USN-6669-1		https://usn.ubuntu.com/6669-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0742.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1867152

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:26Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1867152

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:26Z/ Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:26Z/ Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0742

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0742

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-01/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:26Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-01/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-02/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:26Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-02/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-04/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:26Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-04/

Exploit Prediction Scoring System (EPSS)

Percentile	0.22629
EPSS Score	0.00052
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-01-23T14:51:12.901310+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-04.yml	34.0.0rc2