CVE-2024-7518 - Vulnerability Details

Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Mozilla	Firefox Firefox Esr Thunderbird
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7 Extended Lifecycle Support
firefox-0:115.14.0-2.el7_9	cpe:/o:redhat:rhel_els:7	RHSA-2024:5324	2024-08-13T00:00:00Z
Red Hat Enterprise Linux 8
firefox-0:115.14.0-2.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:5391	2024-08-14T00:00:00Z
thunderbird-0:115.14.0-1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:5402	2024-08-14T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
firefox-0:115.14.0-2.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2024:5323	2024-08-13T00:00:00Z
thunderbird-0:115.14.0-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2024:5393	2024-08-14T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
firefox-0:115.14.0-2.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2024:5325	2024-08-13T00:00:00Z
thunderbird-0:115.14.0-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2024:5527	2024-08-19T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
firefox-0:115.14.0-2.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2024:5325	2024-08-13T00:00:00Z
thunderbird-0:115.14.0-1.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2024:5527	2024-08-19T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
firefox-0:115.14.0-2.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2024:5325	2024-08-13T00:00:00Z
thunderbird-0:115.14.0-1.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2024:5527	2024-08-19T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
firefox-0:115.14.0-2.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2024:5326	2024-08-13T00:00:00Z
thunderbird-0:115.14.0-1.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2024:5528	2024-08-19T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
firefox-0:115.14.0-2.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2024:5326	2024-08-13T00:00:00Z
thunderbird-0:115.14.0-1.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2024:5528	2024-08-19T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
firefox-0:115.14.0-2.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2024:5326	2024-08-13T00:00:00Z
thunderbird-0:115.14.0-1.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2024:5528	2024-08-19T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
firefox-0:115.14.0-2.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:5329	2024-08-13T00:00:00Z
thunderbird-0:115.14.0-1.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:5394	2024-08-14T00:00:00Z
Red Hat Enterprise Linux 9
firefox-0:115.14.0-2.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:5322	2024-08-15T00:00:00Z
thunderbird-0:115.14.0-1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:5392	2024-08-14T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
firefox-0:115.14.0-2.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2024:5327	2024-08-13T00:00:00Z
thunderbird-0:115.14.0-1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2024:5395	2024-08-14T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
firefox-0:115.14.0-2.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:5328	2024-08-13T00:00:00Z
thunderbird-0:115.14.0-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:5396	2024-08-14T00:00:00Z

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1875354
https://nvd.nist.gov/vuln/detail/CVE-2024-7518
https://www.cve.org/CVERecord?id=CVE-2024-7518
https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7518
https://www.mozilla.org/security/advisories/mfsa2024-33/
https://www.mozilla.org/security/advisories/mfsa2024-35/
https://www.mozilla.org/security/advisories/mfsa2024-37/

History

Tue, 29 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1021

Mon, 19 Aug 2024 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla firefox Mozilla firefox Esr Mozilla thunderbird
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:firefox_esr:::::::: cpe:2.3:a:mozilla:thunderbird::::::::
Vendors & Products		Mozilla Mozilla firefox Mozilla firefox Esr Mozilla thunderbird
Metrics	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}`

Fri, 16 Aug 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Els Redhat rhel Eus Redhat rhel Tus
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6 cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Els Redhat rhel Eus Redhat rhel Tus

Thu, 08 Aug 2024 23:00:00 +0000

Type	Values Removed	Values Added
References	https://www.mozilla.org/en-US/security/advisories/mfsa2024-35/#CVE-2024-7518 https://www.mozilla.org/en-US/security/advisories/mfsa2024-37/#CVE-2024-7518	https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7518

Thu, 08 Aug 2024 13:15:00 +0000

Type	Values Removed	Values Added
Title	mozilla: From NVD collector	mozilla: Fullscreen notification dialog can be obscured by document content
References		https://www.mozilla.org/en-US/security/advisories/mfsa2024-35/#CVE-2024-7518 https://www.mozilla.org/en-US/security/advisories/mfsa2024-37/#CVE-2024-7518
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Wed, 07 Aug 2024 19:30:00 +0000

Type	Values Removed	Values Added
Title		mozilla: From NVD collector
References		https://nvd.nist.gov/vuln/detail/CVE-2024-7518 https://www.cve.org/CVERecord?id=CVE-2024-7518
Metrics	threat_severity `None`	threat_severity `Important`

Tue, 06 Aug 2024 22:30:00 +0000

Type	Values Removed	Values Added
Description	Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129 and Firefox ESR < 128.1.	Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
References		https://www.mozilla.org/security/advisories/mfsa2024-37/

Tue, 06 Aug 2024 21:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2024-08-06T12:38:12.470Z

Updated: 2024-10-29T19:51:38.686Z

Reserved: 2024-08-05T23:29:53.211Z

Link: CVE-2024-7518

Vulnrichment

Updated: 2024-08-06T20:27:46.563Z

NVD

Status : Modified

Published: 2024-08-06T13:15:56.970

Modified: 2024-10-29T20:35:43.097

Link: CVE-2024-7518

Redhat

Severity : Important

Publid Date: 2024-08-06T00:00:00Z

Links: CVE-2024-7518 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7518", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2024-08-05T23:29:53.211Z", "datePublished": "2024-08-06T12:38:12.470Z", "dateUpdated": "2024-10-29T19:51:38.686Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "129", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "128.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "128.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1."}]}], "problemTypes": [{"descriptions": [{"description": "Fullscreen notification dialog can be obscured by document content", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875354"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-33/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-35/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-37/"}], "credits": [{"lang": "en", "value": "Shaheen Fazim"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-08-06T22:21:40.998Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1021", "lang": "en", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-06T17:58:37.256105Z", "id": "CVE-2024-7518", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T19:51:38.686Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-7518", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-06T17:58:37.256105Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-06T20:27:46.563Z"}}], "cna": {"credits": [{"lang": "en", "value": "Shaheen Fazim"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "129", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "128.1", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "128.1", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875354"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-33/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-35/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-37/"}], "descriptions": [{"lang": "en", "value": "Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.", "supportingMedia": [{"type": "text/html", "value": "Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Fullscreen notification dialog can be obscured by document content"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-08-06T22:21:40.998Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7518", "state": "PUBLISHED", "dateUpdated": "2024-10-29T19:51:38.686Z", "dateReserved": "2024-08-05T23:29:53.211Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2024-08-06T12:38:12.470Z", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "E096FE78-91CC-4F06-A87A-226CDEBD483C", "versionEndExcluding": "129", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "32A0E6D7-D4FF-448F-A55B-E63A5DDFA8DD", "versionEndExcluding": "128.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6FF3091-7DD4-4265-8F19-A64EB03831ED", "versionEndExcluding": "128.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1."}, {"lang": "es", "value": "Las opciones seleccionadas podr\u00edan oscurecer el cuadro de di\u00e1logo de notificaci\u00f3n en pantalla completa. Esto podr\u00eda ser utilizado por un sitio malicioso para realizar un ataque de suplantaci\u00f3n de identidad. Esta vulnerabilidad afecta a Firefox < 129, Firefox ESR < 128.1 y Thunderbird < 128.1."}], "id": "CVE-2024-7518", "lastModified": "2024-10-29T20:35:43.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-06T13:15:56.970", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875354"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2024-33/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2024-35/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2024-37/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1021"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5324", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:115.14.0-2.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5391", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:115.14.0-2.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5402", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:115.14.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5323", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:115.14.0-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5393", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:115.14.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5325", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:115.14.0-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5527", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:115.14.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5325", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:115.14.0-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5527", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:115.14.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5325", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:115.14.0-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5527", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:115.14.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5326", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:115.14.0-2.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5528", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:115.14.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5326", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:115.14.0-2.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5528", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:115.14.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5326", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:115.14.0-2.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5528", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:115.14.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:5329", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "firefox-0:115.14.0-2.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5394", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:115.14.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5322", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:115.14.0-2.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5392", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:115.14.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5327", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:115.14.0-2.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5395", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:115.14.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5328", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:115.14.0-2.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5396", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:115.14.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-14T00:00:00Z"}], "bugzilla": {"description": "mozilla: Fullscreen notification dialog can be obscured by document content", "id": "2303135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303135"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.", "The Mozilla Foundation Security Advisory describes this flaw as:\nSelect options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack."], "name": "CVE-2024-7518", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-08-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-7518\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7518\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7518"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object