cvelistv5 - cve-2024-0953

CVE-2024-0953 (GCVE-0-2024-0953)

Vulnerability from cvelistv5 – Published: 2024-02-05 16:48 – Updated: 2024-10-27 22:12

Summary

When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

QR Code Scanner does not prompt before navigating user

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1837916
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

	Vendor	Product	Version
	Mozilla	Firefox for iOS	Affected: unspecified , < 129 (custom)

Credits

Lohith Gowda M

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-0953",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-05T20:24:03.153967Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-601",
                "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-27T22:12:29.342Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:26:28.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox for iOS",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "129",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Lohith Gowda M"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS \u003c 129."
            }
          ],
          "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS \u003c 129."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "QR Code Scanner does not prompt before navigating user",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T15:55:14.502Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-36/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-0953",
    "datePublished": "2024-02-05T16:48:33.899Z",
    "dateReserved": "2024-01-26T16:12:18.955Z",
    "dateUpdated": "2024-10-27T22:12:29.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:-:*:*:*:*:iphone_os:*:*\", \"matchCriteriaId\": \"5D349D4F-3951-44D3-8891-3334DE563FDA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS \u003c 129.\"}, {\"lang\": \"es\", \"value\": \"Cuando un usuario escanea un c\\u00f3digo QR con la funci\\u00f3n Esc\\u00e1ner de c\\u00f3digo QR, no se le pregunta al usuario antes de navegar a la p\\u00e1gina especificada en el c\\u00f3digo. Esto puede sorprender al usuario y potencialmente dirigirlo a contenido no deseado.\"}]",
      "id": "CVE-2024-0953",
      "lastModified": "2024-11-21T08:47:51.820",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}",
      "published": "2024-02-05T17:15:09.320",
      "references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1837916\", \"source\": \"security@mozilla.org\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-36/\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1837916\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-0953\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2024-02-05T17:15:09.320\",\"lastModified\":\"2024-11-21T08:47:51.820\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS \u003c 129.\"},{\"lang\":\"es\",\"value\":\"Cuando un usuario escanea un c\u00f3digo QR con la funci\u00f3n Esc\u00e1ner de c\u00f3digo QR, no se le pregunta al usuario antes de navegar a la p\u00e1gina especificada en el c\u00f3digo. Esto puede sorprender al usuario y potencialmente dirigirlo a contenido no deseado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:-:*:*:*:*:iphone_os:*:*\",\"matchCriteriaId\":\"5D349D4F-3951-44D3-8891-3334DE563FDA\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1837916\",\"source\":\"security@mozilla.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-36/\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1837916\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1837916\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:26:28.978Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-0953\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-05T20:24:03.153967Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-601\", \"description\": \"CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-05T15:20:44.343Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Lohith Gowda M\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox for iOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"129\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1837916\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-36/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS \u003c 129.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS \u003c 129.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"QR Code Scanner does not prompt before navigating user\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2024-08-06T15:55:14.502Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-0953\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-27T22:12:29.342Z\", \"dateReserved\": \"2024-01-26T16:12:18.955Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2024-02-05T16:48:33.899Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-0953

Vulnerability from fkie_nvd - Published: 2024-02-05 17:15 - Updated: 2024-11-21 08:47

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1837916	Exploit, Issue Tracking
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2024-36/
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1837916	Exploit, Issue Tracking

Impacted products

	Vendor	Product	Version
	mozilla	firefox	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "5D349D4F-3951-44D3-8891-3334DE563FDA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS \u003c 129."
    },
    {
      "lang": "es",
      "value": "Cuando un usuario escanea un c\u00f3digo QR con la funci\u00f3n Esc\u00e1ner de c\u00f3digo QR, no se le pregunta al usuario antes de navegar a la p\u00e1gina especificada en el c\u00f3digo. Esto puede sorprender al usuario y potencialmente dirigirlo a contenido no deseado."
    }
  ],
  "id": "CVE-2024-0953",
  "lastModified": "2024-11-21T08:47:51.820",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-02-05T17:15:09.320",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-36/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2024-1784

Vulnerability from csaf_certbund - Published: 2024-08-06 22:00 - Updated: 2024-08-06 22:00

Summary

Mozilla Firefox für iOS: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Firefox ist ein Open Source Web Browser.

Angriff

Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox für iOS ausnutzen, um einen Cross-Site-Scripting-Angriff zu starten oder den Benutzer auf eine bösartige Website umzuleiten.

Betroffene Betriebssysteme

- iPhoneOS

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "niedrig"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Firefox ist ein Open Source Web Browser.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox f\u00fcr iOS ausnutzen, um einen Cross-Site-Scripting-Angriff zu starten oder den Benutzer auf eine b\u00f6sartige Website umzuleiten.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- iPhoneOS",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1784 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1784.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1784 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1784"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory vom 2024-08-06",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-36/"
      }
    ],
    "source_lang": "en-US",
    "title": "Mozilla Firefox f\u00fcr iOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-08-06T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:12:02.714+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1784",
      "initial_release_date": "2024-08-06T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-08-06T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "for iOS \u003c129",
                "product": {
                  "name": "Mozilla Firefox for iOS \u003c129",
                  "product_id": "T036627"
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox"
          }
        ],
        "category": "vendor",
        "name": "Mozilla"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0953",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Mozilla Firefox f\u00fcr IOS. Dieser Fehler besteht im QR-Code-Scanner. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um den Benutzer auf eine b\u00f6sartige Website umzuleiten. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2024-08-06T22:00:00.000+00:00",
      "title": "CVE-2024-0953"
    },
    {
      "cve": "CVE-2024-43111",
      "notes": [
        {
          "category": "description",
          "text": "In Mozilla Firefox existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2024-08-06T22:00:00.000+00:00",
      "title": "CVE-2024-43111"
    },
    {
      "cve": "CVE-2024-43112",
      "notes": [
        {
          "category": "description",
          "text": "In Mozilla Firefox existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2024-08-06T22:00:00.000+00:00",
      "title": "CVE-2024-43112"
    },
    {
      "cve": "CVE-2024-43113",
      "notes": [
        {
          "category": "description",
          "text": "In Mozilla Firefox existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2024-08-06T22:00:00.000+00:00",
      "title": "CVE-2024-43113"
    }
  ]
}

WID-SEC-W-2024-0342

Vulnerability from csaf_certbund - Published: 2024-02-11 23:00 - Updated: 2024-02-11 23:00

Summary

Mozilla Firefox für iOS: Schwachstelle ermöglicht Offenlegung von Informationen

Notes

Produktbeschreibung

Firefox ist ein Open Source Web Browser.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Mozilla Firefox für iOS ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme

- iPhoneOS

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Firefox ist ein Open Source Web Browser.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Mozilla Firefox f\u00fcr iOS ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- iPhoneOS",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0342 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0342.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0342 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0342"
      },
      {
        "category": "external",
        "summary": "Mozilla Bugzilla vom 2024-02-11",
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916"
      }
    ],
    "source_lang": "en-US",
    "title": "Mozilla Firefox f\u00fcr iOS: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2024-02-11T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:05:04.352+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0342",
      "initial_release_date": "2024-02-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 114",
                "product": {
                  "name": "Mozilla Firefox \u003c 114",
                  "product_id": "T027990"
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox"
          }
        ],
        "category": "vendor",
        "name": "Mozilla"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0953",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Mozilla Firefox. Dieser Fehler besteht in der QR-Code-Scanner-Funktion unter iOS aufgrund eines offenen Redirect-Problems, da die URL vor dem \u00d6ffnen nicht zur Best\u00e4tigung durch den Benutzer angezeigt wird, was potenziell zu Phishing-Angriffen f\u00fchren kann. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen. F\u00fcr eine erfolgreiche Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2024-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-0953"
    }
  ]
}

GSD-2024-0953

Vulnerability from gsd - Updated: 2024-01-27 06:03

Details

Aliases

CVE-2024-0953

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-0953"
      ],
      "details": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content.",
      "id": "GSD-2024-0953",
      "modified": "2024-01-27T06:03:13.637055Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2024-0953",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox for iOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Firefox for iOS"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Lohith Gowda M"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:iphone_os:*:*",
                    "matchCriteriaId": "5D349D4F-3951-44D3-8891-3334DE563FDA",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content."
          },
          {
            "lang": "es",
            "value": "Cuando un usuario escanea un c\u00f3digo QR con la funci\u00f3n Esc\u00e1ner de c\u00f3digo QR, no se le pregunta al usuario antes de navegar a la p\u00e1gina especificada en el c\u00f3digo. Esto puede sorprender al usuario y potencialmente dirigirlo a contenido no deseado."
          }
        ],
        "id": "CVE-2024-0953",
        "lastModified": "2024-02-09T16:38:45.380",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 2.7,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2024-02-05T17:15:09.320",
        "references": [
          {
            "source": "security@mozilla.org",
            "tags": [
              "Exploit",
              "Issue Tracking"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916"
          }
        ],
        "sourceIdentifier": "security@mozilla.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-601"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

CERTFR-2024-AVI-0656

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 115.14
Mozilla	Thunderbird	Thunderbird versions antérieures à 128.1
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 128.1
Mozilla	Firefox	Firefox pour iOS versions antérieures à 129
Mozilla	Thunderbird	Thunderbird versions antérieures à 115.14
Mozilla	Firefox	Firefox versions antérieures à 129

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2024-35	2024-08-06	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-33	2024-08-06	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-38	2024-08-06	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-37	2024-08-06	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-36	2024-08-05	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-34	2024-08-06	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.14",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 128.1",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.1",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox pour iOS versions ant\u00e9rieures \u00e0 129",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 115.14",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 129",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-7526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7526"
    },
    {
      "name": "CVE-2024-0953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0953"
    },
    {
      "name": "CVE-2024-7531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
    },
    {
      "name": "CVE-2024-43113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43113"
    },
    {
      "name": "CVE-2024-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7525"
    },
    {
      "name": "CVE-2024-7529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7529"
    },
    {
      "name": "CVE-2024-7524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7524"
    },
    {
      "name": "CVE-2024-43112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43112"
    },
    {
      "name": "CVE-2024-7522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7522"
    },
    {
      "name": "CVE-2024-7528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7528"
    },
    {
      "name": "CVE-2024-7527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7527"
    },
    {
      "name": "CVE-2024-7519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7519"
    },
    {
      "name": "CVE-2024-7518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7518"
    },
    {
      "name": "CVE-2024-7521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7521"
    },
    {
      "name": "CVE-2024-43111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43111"
    },
    {
      "name": "CVE-2024-7530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7530"
    },
    {
      "name": "CVE-2024-7520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7520"
    },
    {
      "name": "CVE-2024-7523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7523"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0656",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": "2024-08-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-35",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-35/"
    },
    {
      "published_at": "2024-08-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-33",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/"
    },
    {
      "published_at": "2024-08-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-38",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/"
    },
    {
      "published_at": "2024-08-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-37",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-37/"
    },
    {
      "published_at": "2024-08-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-36",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-36/"
    },
    {
      "published_at": "2024-08-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-34",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/"
    }
  ]
}

CERTFR-2024-AVI-0656

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 115.14
Mozilla	Thunderbird	Thunderbird versions antérieures à 128.1
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 128.1
Mozilla	Firefox	Firefox pour iOS versions antérieures à 129
Mozilla	Thunderbird	Thunderbird versions antérieures à 115.14
Mozilla	Firefox	Firefox versions antérieures à 129

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2024-35	2024-08-06	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-33	2024-08-06	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-38	2024-08-06	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-37	2024-08-06	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-36	2024-08-05	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-34	2024-08-06	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.14",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 128.1",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.1",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox pour iOS versions ant\u00e9rieures \u00e0 129",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 115.14",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 129",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-7526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7526"
    },
    {
      "name": "CVE-2024-0953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0953"
    },
    {
      "name": "CVE-2024-7531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
    },
    {
      "name": "CVE-2024-43113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43113"
    },
    {
      "name": "CVE-2024-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7525"
    },
    {
      "name": "CVE-2024-7529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7529"
    },
    {
      "name": "CVE-2024-7524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7524"
    },
    {
      "name": "CVE-2024-43112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43112"
    },
    {
      "name": "CVE-2024-7522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7522"
    },
    {
      "name": "CVE-2024-7528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7528"
    },
    {
      "name": "CVE-2024-7527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7527"
    },
    {
      "name": "CVE-2024-7519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7519"
    },
    {
      "name": "CVE-2024-7518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7518"
    },
    {
      "name": "CVE-2024-7521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7521"
    },
    {
      "name": "CVE-2024-43111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43111"
    },
    {
      "name": "CVE-2024-7530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7530"
    },
    {
      "name": "CVE-2024-7520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7520"
    },
    {
      "name": "CVE-2024-7523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7523"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0656",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": "2024-08-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-35",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-35/"
    },
    {
      "published_at": "2024-08-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-33",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/"
    },
    {
      "published_at": "2024-08-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-38",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/"
    },
    {
      "published_at": "2024-08-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-37",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-37/"
    },
    {
      "published_at": "2024-08-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-36",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-36/"
    },
    {
      "published_at": "2024-08-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-34",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/"
    }
  ]
}

GHSA-WHQ9-VWXQ-6F23

Vulnerability from github – Published: 2024-02-05 18:31 – Updated: 2024-08-06 18:30

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-0953"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-05T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content.",
  "id": "GHSA-whq9-vwxq-6f23",
  "modified": "2024-08-06T18:30:48Z",
  "published": "2024-02-05T18:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0953"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-36"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-0953 (GCVE-0-2024-0953)

FKIE_CVE-2024-0953

WID-SEC-W-2024-1784

WID-SEC-W-2024-0342

GSD-2024-0953

CERTFR-2024-AVI-0656

Solutions

CERTFR-2024-AVI-0656

Solutions

GHSA-WHQ9-VWXQ-6F23

Tags

Sightings

Nomenclature