Search for vulnerabilities
Vulnerability details: VCID-ky91-h7x1-aaaj
Vulnerability ID VCID-ky91-h7x1-aaaj
Aliases CVE-2024-2610
Summary Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2610.json
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00112 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00475 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00475 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00475 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00475 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00475 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00475 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00475 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00475 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00475 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00475 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00475 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00475 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.00475 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2024-2610
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-12
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-13
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-14
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2610.json
https://api.first.org/data/v1/epss?cve=CVE-2024-2610
https://bugzilla.mozilla.org/show_bug.cgi?id=1871112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2608
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2616
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html
https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html
https://www.mozilla.org/security/advisories/mfsa2024-12/
https://www.mozilla.org/security/advisories/mfsa2024-13/
https://www.mozilla.org/security/advisories/mfsa2024-14/
2270663 https://bugzilla.redhat.com/show_bug.cgi?id=2270663
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2024-2610 https://nvd.nist.gov/vuln/detail/CVE-2024-2610
mfsa2024-12 https://www.mozilla.org/en-US/security/advisories/mfsa2024-12
mfsa2024-13 https://www.mozilla.org/en-US/security/advisories/mfsa2024-13
mfsa2024-14 https://www.mozilla.org/en-US/security/advisories/mfsa2024-14
RHSA-2024:1483 https://access.redhat.com/errata/RHSA-2024:1483
RHSA-2024:1484 https://access.redhat.com/errata/RHSA-2024:1484
RHSA-2024:1485 https://access.redhat.com/errata/RHSA-2024:1485
RHSA-2024:1486 https://access.redhat.com/errata/RHSA-2024:1486
RHSA-2024:1487 https://access.redhat.com/errata/RHSA-2024:1487
RHSA-2024:1488 https://access.redhat.com/errata/RHSA-2024:1488
RHSA-2024:1489 https://access.redhat.com/errata/RHSA-2024:1489
RHSA-2024:1490 https://access.redhat.com/errata/RHSA-2024:1490
RHSA-2024:1491 https://access.redhat.com/errata/RHSA-2024:1491
RHSA-2024:1492 https://access.redhat.com/errata/RHSA-2024:1492
RHSA-2024:1493 https://access.redhat.com/errata/RHSA-2024:1493
RHSA-2024:1494 https://access.redhat.com/errata/RHSA-2024:1494
RHSA-2024:1495 https://access.redhat.com/errata/RHSA-2024:1495
RHSA-2024:1496 https://access.redhat.com/errata/RHSA-2024:1496
RHSA-2024:1497 https://access.redhat.com/errata/RHSA-2024:1497
RHSA-2024:1498 https://access.redhat.com/errata/RHSA-2024:1498
RHSA-2024:1499 https://access.redhat.com/errata/RHSA-2024:1499
RHSA-2024:1500 https://access.redhat.com/errata/RHSA-2024:1500
USN-6703-1 https://usn.ubuntu.com/6703-1/
USN-6717-1 https://usn.ubuntu.com/6717-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2610.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.11214
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:18:52.640265+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-2610 34.0.0rc4