Search for vulnerabilities
Vulnerability details: VCID-hqm7-vagc-aaaa
Vulnerability ID VCID-hqm7-vagc-aaaa
Aliases CVE-2024-5693
Summary Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-829 Inclusion of Functionality from Untrusted Control Sphere
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5693.json
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00383 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00383 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00383 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00383 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00383 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00383 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00383 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.0045 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
epss 0.00908 https://api.first.org/data/v1/epss?cve=CVE-2024-5693
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-25
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-26
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-28
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5693.json
https://api.first.org/data/v1/epss?cve=CVE-2024-5693
https://bugzilla.mozilla.org/show_bug.cgi?id=1891319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5700
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5702
https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html
https://www.mozilla.org/security/advisories/mfsa2024-25/
https://www.mozilla.org/security/advisories/mfsa2024-26/
https://www.mozilla.org/security/advisories/mfsa2024-28/
2291399 https://bugzilla.redhat.com/show_bug.cgi?id=2291399
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2024-5693 https://nvd.nist.gov/vuln/detail/CVE-2024-5693
GLSA-202408-02 https://security.gentoo.org/glsa/202408-02
GLSA-202412-06 https://security.gentoo.org/glsa/202412-06
GLSA-202412-13 https://security.gentoo.org/glsa/202412-13
mfsa2024-25 https://www.mozilla.org/en-US/security/advisories/mfsa2024-25
mfsa2024-26 https://www.mozilla.org/en-US/security/advisories/mfsa2024-26
mfsa2024-28 https://www.mozilla.org/en-US/security/advisories/mfsa2024-28
RHSA-2024:3949 https://access.redhat.com/errata/RHSA-2024:3949
RHSA-2024:3950 https://access.redhat.com/errata/RHSA-2024:3950
RHSA-2024:3951 https://access.redhat.com/errata/RHSA-2024:3951
RHSA-2024:3952 https://access.redhat.com/errata/RHSA-2024:3952
RHSA-2024:3953 https://access.redhat.com/errata/RHSA-2024:3953
RHSA-2024:3954 https://access.redhat.com/errata/RHSA-2024:3954
RHSA-2024:3955 https://access.redhat.com/errata/RHSA-2024:3955
RHSA-2024:3958 https://access.redhat.com/errata/RHSA-2024:3958
RHSA-2024:3972 https://access.redhat.com/errata/RHSA-2024:3972
RHSA-2024:4001 https://access.redhat.com/errata/RHSA-2024:4001
RHSA-2024:4002 https://access.redhat.com/errata/RHSA-2024:4002
RHSA-2024:4003 https://access.redhat.com/errata/RHSA-2024:4003
RHSA-2024:4004 https://access.redhat.com/errata/RHSA-2024:4004
RHSA-2024:4015 https://access.redhat.com/errata/RHSA-2024:4015
RHSA-2024:4016 https://access.redhat.com/errata/RHSA-2024:4016
RHSA-2024:4018 https://access.redhat.com/errata/RHSA-2024:4018
RHSA-2024:4036 https://access.redhat.com/errata/RHSA-2024:4036
RHSA-2024:4063 https://access.redhat.com/errata/RHSA-2024:4063
USN-6840-1 https://usn.ubuntu.com/6840-1/
USN-6862-1 https://usn.ubuntu.com/6862-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5693.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.11214
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-06-11T16:46:18.755250+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-25.yml 34.0.0rc4