Vulnerability-Lookup

CVE-2024-10004 (GCVE-0-2024-10004)

Vulnerability from cvelistv5 – Published: 2024-10-15 21:29 – Updated: 2024-10-16 19:18

Summary

Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

Opening external link to HTTP website could show an HTTPS padlock icon incorrectly

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1904885
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

	Vendor	Product	Version
	Mozilla	Firefox for iOS	Affected: unspecified , < 131.2 (custom)

Credits

Erik van Straten

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*",
              "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:ipad_os:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "131.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-10004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-16T19:18:14.288936Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1021",
                "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-16T19:18:25.692Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox for iOS",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "131.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Erik van Straten"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS \u003c 131.2."
            }
          ],
          "value": "Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS \u003c 131.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Opening external link to HTTP website could show an HTTPS padlock icon incorrectly",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T21:29:01.383Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1904885"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-54/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-10004",
    "datePublished": "2024-10-15T21:29:01.383Z",
    "dateReserved": "2024-10-15T17:26:20.137Z",
    "dateUpdated": "2024-10-16T19:18:25.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS \u003c 131.2.\"}, {\"lang\": \"es\", \"value\": \"Abrir un enlace externo a un sitio web HTTP cuando Firefox iOS estaba previamente cerrado y ten\\u00eda una pesta\\u00f1a HTTPS abierta podr\\u00eda, en algunos casos, provocar que el \\u00edcono del candado muestre incorrectamente un indicador HTTPS. Esta vulnerabilidad afecta a Firefox para iOS \u0026lt; 131.2.\"}]",
      "id": "CVE-2024-10004",
      "lastModified": "2024-10-16T20:35:08.850",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}]}",
      "published": "2024-10-15T22:15:03.197",
      "references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1904885\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-54/\", \"source\": \"security@mozilla.org\"}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1021\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-10004\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2024-10-15T22:15:03.197\",\"lastModified\":\"2025-04-04T14:36:06.857\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS \u003c 131.2.\"},{\"lang\":\"es\",\"value\":\"Abrir un enlace externo a un sitio web HTTP cuando Firefox iOS estaba previamente cerrado y ten\u00eda una pesta\u00f1a HTTPS abierta podr\u00eda, en algunos casos, provocar que el \u00edcono del candado muestre incorrectamente un indicador HTTPS. Esta vulnerabilidad afecta a Firefox para iOS \u0026lt; 131.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1021\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"131.2.0\",\"matchCriteriaId\":\"E072C4E0-49F0-4DB3-936E-8CFF784E3385\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1904885\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-54/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"Firefox for iOS\", \"vendor\": \"Mozilla\", \"versions\": [{\"lessThan\": \"131.2\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS \u003c 131.2.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS \u003c 131.2.\"}]}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"Opening external link to HTTP website could show an HTTPS padlock icon incorrectly\", \"lang\": \"en\", \"type\": \"text\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1904885\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-54/\"}], \"credits\": [{\"lang\": \"en\", \"value\": \"Erik van Straten\"}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2024-10-15T21:29:01.383Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-10004\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-16T19:18:14.288936Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*\", \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:ipad_os:*:*\"], \"vendor\": \"mozilla\", \"product\": \"firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"131.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1021\", \"description\": \"CWE-1021 Improper Restriction of Rendered UI Layers or Frames\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-16T19:18:00.763Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-10004\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"mozilla\", \"dateReserved\": \"2024-10-15T17:26:20.137Z\", \"datePublished\": \"2024-10-15T21:29:01.383Z\", \"dateUpdated\": \"2024-10-16T19:18:25.692Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0877

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découverte dans Mozilla Firefox. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox pour iOS versions antérieures à 131.2
	Mozilla	Firefox	Firefox versions antérieures à 131.0.3

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2024-54	2024-10-15	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-53	2024-10-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox pour iOS versions ant\u00e9rieures \u00e0 131.2",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 131.0.3",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-10004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10004"
    },
    {
      "name": "CVE-2024-9936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9936"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0877",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-15T00:00:00.000000"
    },
    {
      "description": "Ajout du bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-54",
      "revision_date": "2024-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couverte dans Mozilla Firefox. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples Vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-54",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-54/"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-53",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-53/"
    }
  ]
}

CERTFR-2024-AVI-0877

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox pour iOS versions antérieures à 131.2
	Mozilla	Firefox	Firefox versions antérieures à 131.0.3

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2024-54	2024-10-15	vendor-advisory
Bulletin de sécurité Mozilla mfsa2024-53	2024-10-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox pour iOS versions ant\u00e9rieures \u00e0 131.2",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 131.0.3",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-10004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10004"
    },
    {
      "name": "CVE-2024-9936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9936"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0877",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-15T00:00:00.000000"
    },
    {
      "description": "Ajout du bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-54",
      "revision_date": "2024-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couverte dans Mozilla Firefox. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples Vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-54",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-54/"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-53",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-53/"
    }
  ]
}

GHSA-WH67-CC45-G7CF

Vulnerability from github – Published: 2024-10-16 00:30 – Updated: 2024-10-16 21:31

Details

Severity ?

9.1 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-10004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1021"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-15T22:15:03Z",
    "severity": "CRITICAL"
  },
  "details": "Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS \u003c 131.2.",
  "id": "GHSA-wh67-cc45-g7cf",
  "modified": "2024-10-16T21:31:09Z",
  "published": "2024-10-16T00:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10004"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1904885"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-54"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2024-10004

Vulnerability from fkie_nvd - Published: 2024-10-15 22:15 - Updated: 2025-04-04 14:36

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

	URL	Tags
	security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1904885	Issue Tracking, Permissions Required
	security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2024-54/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	mozilla	firefox	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E072C4E0-49F0-4DB3-936E-8CFF784E3385",
              "versionEndExcluding": "131.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS \u003c 131.2."
    },
    {
      "lang": "es",
      "value": "Abrir un enlace externo a un sitio web HTTP cuando Firefox iOS estaba previamente cerrado y ten\u00eda una pesta\u00f1a HTTPS abierta podr\u00eda, en algunos casos, provocar que el \u00edcono del candado muestre incorrectamente un indicador HTTPS. Esta vulnerabilidad afecta a Firefox para iOS \u0026lt; 131.2."
    }
  ],
  "id": "CVE-2024-10004",
  "lastModified": "2025-04-04T14:36:06.857",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-15T22:15:03.197",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1904885"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-54/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1021"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CNVD-2024-42938

Vulnerability from cnvd - Published: 2024-11-04

Title

Mozilla Firefox for iOS存在未明漏洞

Description

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox for iOS 131.2之前版本存在安全漏洞，该漏洞源于在某些情况下打开指向HTTP网站的外部链接时，攻击者可利用该漏洞导致挂锁图标错误地显示HTTPS指示器。

Severity

中

Patch Name

Mozilla Firefox for iOS存在未明漏洞的补丁

Patch Description

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox for iOS 131.2之前版本存在安全漏洞，该漏洞源于在某些情况下打开指向HTTP网站的外部链接时，攻击者可利用该漏洞导致挂锁图标错误地显示HTTPS指示器。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.mozilla.org/en-US/security/advisories/mfsa2024-54/

Reference

https://www.mozilla.org/security/advisories/mfsa2024-54/

Impacted products

Name
Mozilla Firefox for iOS <131.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-10004"
    }
  },
  "description": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\n\nMozilla Firefox for iOS 131.2\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\u6253\u5f00\u6307\u5411HTTP\u7f51\u7ad9\u7684\u5916\u90e8\u94fe\u63a5\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6302\u9501\u56fe\u6807\u9519\u8bef\u5730\u663e\u793aHTTPS\u6307\u793a\u5668\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-54/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-42938",
  "openTime": "2024-11-04",
  "patchDescription": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMozilla Firefox for iOS 131.2\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\u6253\u5f00\u6307\u5411HTTP\u7f51\u7ad9\u7684\u5916\u90e8\u94fe\u63a5\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6302\u9501\u56fe\u6807\u9519\u8bef\u5730\u663e\u793aHTTPS\u6307\u793a\u5668\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox for iOS\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Mozilla Firefox for iOS \u003c131.2"
  },
  "referenceLink": "https://www.mozilla.org/security/advisories/mfsa2024-54/",
  "serverity": "\u4e2d",
  "submitTime": "2024-10-17",
  "title": "Mozilla Firefox for iOS\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

WID-SEC-W-2024-3213

Vulnerability from csaf_certbund - Published: 2024-10-15 22:00 - Updated: 2024-10-15 22:00

Summary

Mozilla Firefox für iOS: Schwachstelle ermöglicht Darstellen falscher Informationen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Firefox ist ein Open Source Web Browser.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Mozilla Firefox für iOSausnutzen, um falsche Informationen darzustellen.

Betroffene Betriebssysteme

- iPhoneOS

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Firefox ist ein Open Source Web Browser.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Mozilla Firefox f\u00fcr iOSausnutzen, um falsche Informationen darzustellen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- iPhoneOS",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3213 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3213.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3213 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3213"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory vom 2024-10-15",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-54/"
      }
    ],
    "source_lang": "en-US",
    "title": "Mozilla Firefox f\u00fcr iOS: Schwachstelle erm\u00f6glicht Darstellen falscher Informationen",
    "tracking": {
      "current_release_date": "2024-10-15T22:00:00.000+00:00",
      "generator": {
        "date": "2024-10-16T11:15:14.029+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-3213",
      "initial_release_date": "2024-10-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c131.2",
                "product": {
                  "name": "Mozilla Firefox \u003c131.2",
                  "product_id": "T038428"
                }
              },
              {
                "category": "product_version",
                "name": "131.2",
                "product": {
                  "name": "Mozilla Firefox 131.2",
                  "product_id": "T038428-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox:131.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox"
          }
        ],
        "category": "vendor",
        "name": "Mozilla"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-10004",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Mozilla Firefox. Dieser Fehler existiert wegen der unsachgem\u00e4\u00dfen Behandlung von Sicherheitsindikatoren beim Wechsel zwischen Registerkarten, insbesondere in der Komponente zur Registerkartenverwaltung. Dies erm\u00f6glicht eine falsche visuelle R\u00fcckmeldung bez\u00fcglich der Verbindungssicherheit. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er den Benutzer auffordert, einen externen Link zu einer HTTP-Website zu \u00f6ffnen, nachdem Firefox mit einer ge\u00f6ffneten HTTPS-Registerkarte geschlossen wurde, was dazu f\u00fchrt, dass das Vorh\u00e4ngeschloss-Symbol f\u00e4lschlicherweise einen HTTPS-Indikator anzeigt, wodurch der Benutzer m\u00f6glicherweise zu der Annahme verleitet wird, dass die Verbindung sicher ist, obwohl sie es nicht ist."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038428"
        ]
      },
      "release_date": "2024-10-15T22:00:00.000+00:00",
      "title": "CVE-2024-10004"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-10004 (GCVE-0-2024-10004)

CERTFR-2024-AVI-0877

Solutions

CERTFR-2024-AVI-0877

Solutions

GHSA-WH67-CC45-G7CF

FKIE_CVE-2024-10004

CNVD-2024-42938

WID-SEC-W-2024-3213

Tags

Sightings

Nomenclature