PT-2024-5769 · Mozilla+10 · Thunderbird+11

Hafiizh

·

Published

2024-08-06

·

Updated

2025-03-14

·

CVE-2024-7529

CVSS v2.0

9.4

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 129 Firefox ESR versions prior to 115.14 Firefox ESR versions prior to 128.1 Thunderbird versions prior to 128.1 Thunderbird versions prior to 115.14
Description The vulnerability is related to the date picker function in Mozilla Firefox, which could partially obscure security prompts. This could be exploited by a malicious site to trick a user into granting permissions, potentially allowing an attacker to gain unauthorized access to data or functions.
Recommendations For Firefox versions prior to 129, update to version 129 or later. For Firefox ESR versions prior to 115.14, update to version 115.14 or later. For Firefox ESR versions prior to 128.1, update to version 128.1 or later. For Thunderbird versions prior to 128.1, update to version 128.1 or later. For Thunderbird versions prior to 115.14, update to version 115.14 or later.

Fix

Clickjacking

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-1021CWE-451

Related Identifiers

ALSA-2024:5322
ALSA-2024:5391
ALSA-2024:5392
ALSA-2024:5402
ALT-PU-2024-13895
ALT-PU-2024-13897
ALT-PU-2024-13898
ALT-PU-2024-14780
ALT-PU-2024-14892
ALT-PU-2024-15087
ALT-PU-2024-15175
ALT-PU-2024-15839
ALT-PU-2024-15840
ALT-PU-2024-15841
BDU:2024-06482
CESA-2024_5391
CESA-2024_5402
CVE-2024-7529
DSA-5740-1
DSA-5744-1
INFSA-2024_5322
INFSA-2024_5391
INFSA-2024_5392
INFSA-2024_5402
MGASA-2024-0325
MGASA-2024-0332
MGASA-2024-0334
OESA-2024-1976
OESA-2025-1265
OESA-2025-1268
OPENSUSE-SU-2024:14250-1
OPENSUSE-SU-2024:14260-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_3003-1
OPENSUSE-SU-2024_3112-1
OPENSUSE-SU-2024_3507-1
RHSA-2024:5322
RHSA-2024:5323
RHSA-2024:5324
RHSA-2024:5325
RHSA-2024:5326
RHSA-2024:5327
RHSA-2024:5328
RHSA-2024:5329
RHSA-2024:5391
RHSA-2024:5392
RHSA-2024:5393
RHSA-2024:5394
RHSA-2024:5395
RHSA-2024:5396
RHSA-2024:5402
RHSA-2024:5527
RHSA-2024:5528
RHSA-2024_5322
RHSA-2024_5391
RHSA-2024_5392
RHSA-2024_5402
ROSA-SA-2025-2563
SUSE-SU-2024:2876-1
SUSE-SU-2024:3003-1
SUSE-SU-2024:3112-1
SUSE-SU-2024:3507-1
USN-6966-1
USN-6966-2
USN-6995-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu