CVE-2024-0742

CVE Database · CVE-2024-0742

CVE-2024-0742

· MEDIUMModified

CVSS v3.1

4.3

EPSS

0.60%

Published

Jan 23, 2024

Modified

May 30, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products (4)

mozilla · firefox (up to 122.0)vulnerable

mozilla · firefox_esr (up to 115.7)vulnerable

mozilla · thunderbird (up to 115.7)vulnerable

debian · debian_linuxvulnerable

References (12)

https://bugzilla.mozilla.org/show_bug.cgi?id=1867152

Issue TrackingPermissions Required

https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html

Mailing ListThird Party Advisory