Search for vulnerabilities
Vulnerability details: VCID-t5t8-m98n-fycx
Vulnerability ID VCID-t5t8-m98n-fycx
Aliases CVE-2024-8900
Summary An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8900.json
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00131 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00196 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00196 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
epss 0.00391 https://api.first.org/data/v1/epss?cve=CVE-2024-8900
cvssv3.1 7.5 https://bugzilla.mozilla.org/show_bug.cgi?id=1872841
cvssv3.1 7.5 https://bugzilla.mozilla.org/show_bug.cgi?id=1872841
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1872841
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1872841
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-8900
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-8900
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-33
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-47
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-49
cvssv3.1 7.5 https://www.mozilla.org/security/advisories/mfsa2024-33/
cvssv3.1 7.5 https://www.mozilla.org/security/advisories/mfsa2024-33/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-33/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-33/
cvssv3.1 7.5 https://www.mozilla.org/security/advisories/mfsa2024-47/
cvssv3.1 9.8 https://www.mozilla.org/security/advisories/mfsa2024-47/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-47/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-47/
cvssv3.1 7.5 https://www.mozilla.org/security/advisories/mfsa2024-49/
cvssv3.1 9.8 https://www.mozilla.org/security/advisories/mfsa2024-49/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-49/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-49/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8900.json
https://api.first.org/data/v1/epss?cve=CVE-2024-8900
https://bugzilla.mozilla.org/show_bug.cgi?id=1872841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8900
https://www.mozilla.org/security/advisories/mfsa2024-33/
2312914 https://bugzilla.redhat.com/show_bug.cgi?id=2312914
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
CVE-2024-8900 https://nvd.nist.gov/vuln/detail/CVE-2024-8900
GLSA-202412-04 https://security.gentoo.org/glsa/202412-04
GLSA-202412-06 https://security.gentoo.org/glsa/202412-06
GLSA-202505-08 https://security.gentoo.org/glsa/202505-08
mfsa2024-33 https://www.mozilla.org/en-US/security/advisories/mfsa2024-33
mfsa2024-47 https://www.mozilla.org/en-US/security/advisories/mfsa2024-47
mfsa2024-47 https://www.mozilla.org/security/advisories/mfsa2024-47/
mfsa2024-49 https://www.mozilla.org/en-US/security/advisories/mfsa2024-49
mfsa2024-49 https://www.mozilla.org/security/advisories/mfsa2024-49/
RHSA-2024:7621 https://access.redhat.com/errata/RHSA-2024:7621
RHSA-2024:7622 https://access.redhat.com/errata/RHSA-2024:7622
RHSA-2024:7646 https://access.redhat.com/errata/RHSA-2024:7646
RHSA-2024:7700 https://access.redhat.com/errata/RHSA-2024:7700
RHSA-2024:7702 https://access.redhat.com/errata/RHSA-2024:7702
RHSA-2024:7703 https://access.redhat.com/errata/RHSA-2024:7703
RHSA-2024:7704 https://access.redhat.com/errata/RHSA-2024:7704
RHSA-2024:7842 https://access.redhat.com/errata/RHSA-2024:7842
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8900.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1872841
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1872841
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T20:14:27Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1872841
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T20:14:27Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1872841
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-8900
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-8900
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-33/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-33/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T20:14:27Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-33/
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T20:14:27Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-33/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-47/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-47/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:20:31Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-47/
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T20:14:27Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-47/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-49/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-49/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:20:31Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-49/
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T20:14:27Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-49/
Exploit Prediction Scoring System (EPSS)
Percentile 0.22945
EPSS Score 0.00054
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-09-18T07:23:23.746725+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-33.yml 34.0.1