CVE-2024-0742
MEDIUM
Firefox < 122, Firefox ESR < 115.7, Thunderbird < 115.7 - Unintended Dialog Activation via Incorrect Timestamp Handling
Title source: llm
Description
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
References (6)
Core References
Issue Tracking, Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1867152
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-01/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-02/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-04/
Scores
CVSS v3
4.3
EPSS
0.0184
EPSS Percentile
83.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (4)
debian/debian_linux
10.0
mozilla/firefox
< 122.0
mozilla/firefox_esr
< 115.7
mozilla/thunderbird
< 115.7
Published
Jan 23, 2024
Tracked Since
Feb 18, 2026