VDB
CNVD-2024-25533
CNVD-2024-25533
PUBLISHED
CVSS 4.300000190734863 MEDIUM
Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。Mozilla Thunderbird是一套从Mozilla Application Suite独立出来的电子邮件客户端软件。 多款Mozilla产品存在欺骗漏洞,该漏洞是由于使用下拉选择输入元素时全屏通知被遮挡所致。攻击者可利用该漏洞进行欺骗攻击。
Risk Scores
CVSS v3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Thunderbird | unspecified |
| Mozilla | Firefox ESR | unspecified |
| Mozilla | Firefox | unspecified |
Exploit Intelligence
- CIRCL seen: CVE-2024-1548 (circl-sighting)
- CIRCL seen: CVE-2024-1548 (circl-sighting)
- CIRCL seen: CVE-2024-1548 (circl-sighting)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1832627 (circl)
- https://www.mozilla.org/security/advisories/mfsa2024-05/ (circl)
- https://www.mozilla.org/security/advisories/mfsa2024-06/ (circl)
- https://www.mozilla.org/security/advisories/mfsa2024-07/ (circl)
- https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html (circl)
- https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html (circl)
Timeline
- Feb 20, 2024 CVE Published
- Feb 20, 2024 PoC Published
- Feb 21, 2024 PoC Published
- Mar 1, 2024 CVE ID Reserved
- Mar 8, 2024 PoC Published
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1832627 url
- https://www.mozilla.org/security/advisories/mfsa2024-05/ url
- https://www.mozilla.org/security/advisories/mfsa2024-06/ url
- https://www.mozilla.org/security/advisories/mfsa2024-07/ url
- https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html url
- https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html url