VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-vnj6-wfn1-aaaq

Essentials
Severities (103)
References (48)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-vnj6-wfn1-aaaq
Aliases	CVE-2024-0749
Summary	A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1021	Improper Restriction of Rendered UI Layers or Frames
CWE-346	Origin Validation Error

System	Score	Found at
cvssv3	6.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0749.json
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00050	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00050	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00050	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00050	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00050	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00050	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00050	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00050	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00050	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00050	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00050	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00050	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2024-0749
cvssv3.1	4.3	https://bugzilla.mozilla.org/show_bug.cgi?id=1813463
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1813463
cvssv3.1	4.3	https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
cvssv3.1	4.3	https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
cvssv3	4.3	https://nvd.nist.gov/vuln/detail/CVE-2024-0749
cvssv3.1	4.3	https://nvd.nist.gov/vuln/detail/CVE-2024-0749
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-01
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-02
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-04
cvssv3.1	4.3	https://www.mozilla.org/security/advisories/mfsa2024-01/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-01/
cvssv3.1	4.3	https://www.mozilla.org/security/advisories/mfsa2024-04/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-04/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0749.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-0749
		https://bugzilla.mozilla.org/show_bug.cgi?id=1813463
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0741
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0742
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0746
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0747
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0749
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0750
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0751
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0753
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0755
		https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
		https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
		https://www.mozilla.org/security/advisories/mfsa2024-01/
		https://www.mozilla.org/security/advisories/mfsa2024-02/
		https://www.mozilla.org/security/advisories/mfsa2024-04/
2259930		https://bugzilla.redhat.com/show_bug.cgi?id=2259930
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2024-0749		https://nvd.nist.gov/vuln/detail/CVE-2024-0749
GLSA-202402-25		https://security.gentoo.org/glsa/202402-25
GLSA-202402-26		https://security.gentoo.org/glsa/202402-26
mfsa2024-01		https://www.mozilla.org/en-US/security/advisories/mfsa2024-01
mfsa2024-02		https://www.mozilla.org/en-US/security/advisories/mfsa2024-02
mfsa2024-04		https://www.mozilla.org/en-US/security/advisories/mfsa2024-04
RHSA-2024:0559		https://access.redhat.com/errata/RHSA-2024:0559
RHSA-2024:0565		https://access.redhat.com/errata/RHSA-2024:0565
RHSA-2024:0596		https://access.redhat.com/errata/RHSA-2024:0596
RHSA-2024:0598		https://access.redhat.com/errata/RHSA-2024:0598
RHSA-2024:0600		https://access.redhat.com/errata/RHSA-2024:0600
RHSA-2024:0601		https://access.redhat.com/errata/RHSA-2024:0601
RHSA-2024:0602		https://access.redhat.com/errata/RHSA-2024:0602
RHSA-2024:0603		https://access.redhat.com/errata/RHSA-2024:0603
RHSA-2024:0604		https://access.redhat.com/errata/RHSA-2024:0604
RHSA-2024:0605		https://access.redhat.com/errata/RHSA-2024:0605
RHSA-2024:0608		https://access.redhat.com/errata/RHSA-2024:0608
RHSA-2024:0609		https://access.redhat.com/errata/RHSA-2024:0609
RHSA-2024:0615		https://access.redhat.com/errata/RHSA-2024:0615
RHSA-2024:0616		https://access.redhat.com/errata/RHSA-2024:0616
RHSA-2024:0618		https://access.redhat.com/errata/RHSA-2024:0618
RHSA-2024:0619		https://access.redhat.com/errata/RHSA-2024:0619
RHSA-2024:0622		https://access.redhat.com/errata/RHSA-2024:0622
RHSA-2024:0623		https://access.redhat.com/errata/RHSA-2024:0623
USN-6610-1		https://usn.ubuntu.com/6610-1/
USN-6669-1		https://usn.ubuntu.com/6669-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0749.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1813463

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-29T19:41:27Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1813463

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-29T19:41:27Z/ Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-29T19:41:27Z/ Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0749

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0749

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-01/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-29T19:41:27Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-01/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-04/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-29T19:41:27Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-04/

Exploit Prediction Scoring System (EPSS)

Percentile	0.20150
EPSS Score	0.00049
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-01-23T14:51:12.950576+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-04.yml	34.0.0rc2