{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7518", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2024-08-05T23:29:53.211Z", "datePublished": "2024-08-06T12:38:12.470Z", "dateUpdated": "2024-10-29T19:51:38.686Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "129", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "128.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "128.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1."}]}], "problemTypes": [{"descriptions": [{"description": "Fullscreen notification dialog can be obscured by document content", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875354"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-33/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-35/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-37/"}], "credits": [{"lang": "en", "value": "Shaheen Fazim"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-08-06T22:21:40.998Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1021", "lang": "en", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-06T17:58:37.256105Z", "id": "CVE-2024-7518", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T19:51:38.686Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-7518", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-06T17:58:37.256105Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-06T20:27:46.563Z"}}], "cna": {"credits": [{"lang": "en", "value": "Shaheen Fazim"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "129", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "128.1", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "128.1", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875354"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-33/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-35/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-37/"}], "descriptions": [{"lang": "en", "value": "Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.", "supportingMedia": [{"type": "text/html", "value": "Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Fullscreen notification dialog can be obscured by document content"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-08-06T22:21:40.998Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7518", "state": "PUBLISHED", "dateUpdated": "2024-10-29T19:51:38.686Z", "dateReserved": "2024-08-05T23:29:53.211Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2024-08-06T12:38:12.470Z", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "E096FE78-91CC-4F06-A87A-226CDEBD483C", "versionEndExcluding": "129", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "32A0E6D7-D4FF-448F-A55B-E63A5DDFA8DD", "versionEndExcluding": "128.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6FF3091-7DD4-4265-8F19-A64EB03831ED", "versionEndExcluding": "128.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1."}, {"lang": "es", "value": "Las opciones seleccionadas podr\u00edan oscurecer el cuadro de di\u00e1logo de notificaci\u00f3n en pantalla completa. Esto podr\u00eda ser utilizado por un sitio malicioso para realizar un ataque de suplantaci\u00f3n de identidad. Esta vulnerabilidad afecta a Firefox &lt; 129, Firefox ESR &lt; 128.1 y Thunderbird &lt; 128.1."}], "id": "CVE-2024-7518", "lastModified": "2024-10-29T20:35:43.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-06T13:15:56.970", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875354"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2024-33/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2024-35/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2024-37/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1021"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5324", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:115.14.0-2.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5391", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:115.14.0-2.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5402", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:115.14.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5323", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:115.14.0-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5393", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:115.14.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5325", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:115.14.0-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5527", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:115.14.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5325", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:115.14.0-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5527", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:115.14.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5325", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:115.14.0-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5527", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:115.14.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5326", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:115.14.0-2.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5528", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:115.14.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5326", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:115.14.0-2.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5528", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:115.14.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5326", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:115.14.0-2.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5528", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:115.14.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5329", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "firefox-0:115.14.0-2.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5394", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:115.14.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5322", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:115.14.0-2.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5392", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:115.14.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5327", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:115.14.0-2.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5395", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:115.14.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5328", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:115.14.0-2.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5396", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:115.14.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-14T00:00:00Z"}], "bugzilla": {"description": "mozilla: Fullscreen notification dialog can be obscured by document content", "id": "2303135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303135"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.", "The Mozilla Foundation Security Advisory describes this flaw as:\nSelect options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack."], "name": "CVE-2024-7518", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-08-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-7518\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7518\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7518"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}