VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-gyw7-3v5r-aaag

Essentials
Severities (107)
References (49)
Severity details (18)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-gyw7-3v5r-aaag
Aliases	CVE-2024-0753
Summary	In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-326

Inadequate Encryption Strength

System	Score	Found at
cvssv3	6.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0753.json
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00327	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.00642	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
epss	0.01701	https://api.first.org/data/v1/epss?cve=CVE-2024-0753
cvssv3.1	6.5	https://bugzilla.mozilla.org/show_bug.cgi?id=1870262
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1870262
cvssv3.1	6.5	https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
cvssv3.1	6.5	https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2024-0753
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2024-0753
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-01
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-02
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-04
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2024-01/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-01/
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2024-02/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-02/
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2024-04/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-04/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0753.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-0753
		https://bugzilla.mozilla.org/show_bug.cgi?id=1870262
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0741
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0742
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0746
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0747
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0749
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0750
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0751
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0753
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0755
		https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
		https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
		https://www.mozilla.org/security/advisories/mfsa2024-01/
		https://www.mozilla.org/security/advisories/mfsa2024-02/
		https://www.mozilla.org/security/advisories/mfsa2024-04/
		https://www.youtube.com/watch?v=JjMb7Z8ak2k
2259933		https://bugzilla.redhat.com/show_bug.cgi?id=2259933
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2024-0753		https://nvd.nist.gov/vuln/detail/CVE-2024-0753
GLSA-202402-25		https://security.gentoo.org/glsa/202402-25
GLSA-202402-26		https://security.gentoo.org/glsa/202402-26
mfsa2024-01		https://www.mozilla.org/en-US/security/advisories/mfsa2024-01
mfsa2024-02		https://www.mozilla.org/en-US/security/advisories/mfsa2024-02
mfsa2024-04		https://www.mozilla.org/en-US/security/advisories/mfsa2024-04
RHSA-2024:0559		https://access.redhat.com/errata/RHSA-2024:0559
RHSA-2024:0565		https://access.redhat.com/errata/RHSA-2024:0565
RHSA-2024:0596		https://access.redhat.com/errata/RHSA-2024:0596
RHSA-2024:0598		https://access.redhat.com/errata/RHSA-2024:0598
RHSA-2024:0600		https://access.redhat.com/errata/RHSA-2024:0600
RHSA-2024:0601		https://access.redhat.com/errata/RHSA-2024:0601
RHSA-2024:0602		https://access.redhat.com/errata/RHSA-2024:0602
RHSA-2024:0603		https://access.redhat.com/errata/RHSA-2024:0603
RHSA-2024:0604		https://access.redhat.com/errata/RHSA-2024:0604
RHSA-2024:0605		https://access.redhat.com/errata/RHSA-2024:0605
RHSA-2024:0608		https://access.redhat.com/errata/RHSA-2024:0608
RHSA-2024:0609		https://access.redhat.com/errata/RHSA-2024:0609
RHSA-2024:0615		https://access.redhat.com/errata/RHSA-2024:0615
RHSA-2024:0616		https://access.redhat.com/errata/RHSA-2024:0616
RHSA-2024:0618		https://access.redhat.com/errata/RHSA-2024:0618
RHSA-2024:0619		https://access.redhat.com/errata/RHSA-2024:0619
RHSA-2024:0622		https://access.redhat.com/errata/RHSA-2024:0622
RHSA-2024:0623		https://access.redhat.com/errata/RHSA-2024:0623
USN-6610-1		https://usn.ubuntu.com/6610-1/
USN-6669-1		https://usn.ubuntu.com/6669-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0753.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1870262

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:23Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1870262

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:23Z/ Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:23Z/ Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0753

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0753

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-01/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:23Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-01/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-02/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:23Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-02/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-04/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:23Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-04/

Exploit Prediction Scoring System (EPSS)

Percentile	0.24461
EPSS Score	0.00056
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-01-23T14:51:13.001973+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-04.yml	34.0.0rc2