Bug 2259927 (CVE-2024-0742) - CVE-2024-0742 Mozilla: Failure to update user input timestamp
Summary: CVE-2024-0742 Mozilla: Failure to update user input timestamp
Keywords:
Status: NEW
Alias: CVE-2024-0742
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2258469
TreeView+ depends on / blocked
 
Reported: 2024-01-23 20:55 UTC by Mauro Matteo Cascella
Modified: 2024-01-31 07:07 UTC (History)
4 users (show)

Fixed In Version: firefox 115.7, thunderbird 115.7
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:0559 0 None None None 2024-01-30 11:00:21 UTC
Red Hat Product Errata RHSA-2024:0565 0 None None None 2024-01-30 12:30:07 UTC
Red Hat Product Errata RHSA-2024:0596 0 None None None 2024-01-30 14:09:28 UTC
Red Hat Product Errata RHSA-2024:0598 0 None None None 2024-01-30 14:10:23 UTC
Red Hat Product Errata RHSA-2024:0600 0 None None None 2024-01-30 14:15:16 UTC
Red Hat Product Errata RHSA-2024:0601 0 None None None 2024-01-30 14:15:34 UTC
Red Hat Product Errata RHSA-2024:0602 0 None None None 2024-01-30 14:16:16 UTC
Red Hat Product Errata RHSA-2024:0603 0 None None None 2024-01-30 14:15:53 UTC
Red Hat Product Errata RHSA-2024:0604 0 None None None 2024-01-30 14:18:28 UTC
Red Hat Product Errata RHSA-2024:0605 0 None None None 2024-01-30 14:18:53 UTC
Red Hat Product Errata RHSA-2024:0608 0 None None None 2024-01-30 14:53:57 UTC
Red Hat Product Errata RHSA-2024:0609 0 None None None 2024-01-30 14:54:09 UTC
Red Hat Product Errata RHSA-2024:0615 0 None None None 2024-01-30 15:21:39 UTC
Red Hat Product Errata RHSA-2024:0616 0 None None None 2024-01-30 15:22:03 UTC
Red Hat Product Errata RHSA-2024:0618 0 None None None 2024-01-31 07:07:46 UTC
Red Hat Product Errata RHSA-2024:0619 0 None None None 2024-01-31 07:07:15 UTC
Red Hat Product Errata RHSA-2024:0622 0 None None None 2024-01-30 16:07:49 UTC
Red Hat Product Errata RHSA-2024:0623 0 None None None 2024-01-30 16:08:03 UTC

Description Mauro Matteo Cascella 2024-01-23 20:55:08 UTC 
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0742
Comment 25 errata-xmlrpc 2024-01-30 11:00:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:0559 https://access.redhat.com/errata/RHSA-2024:0559
Comment 26 errata-xmlrpc 2024-01-30 12:30:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:0565 https://access.redhat.com/errata/RHSA-2024:0565
Comment 27 errata-xmlrpc 2024-01-30 14:09:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0596 https://access.redhat.com/errata/RHSA-2024:0596
Comment 28 errata-xmlrpc 2024-01-30 14:10:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0598 https://access.redhat.com/errata/RHSA-2024:0598
Comment 29 errata-xmlrpc 2024-01-30 14:15:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:0600 https://access.redhat.com/errata/RHSA-2024:0600
Comment 30 errata-xmlrpc 2024-01-30 14:15:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:0601 https://access.redhat.com/errata/RHSA-2024:0601
Comment 31 errata-xmlrpc 2024-01-30 14:15:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:0603 https://access.redhat.com/errata/RHSA-2024:0603
Comment 32 errata-xmlrpc 2024-01-30 14:16:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:0602 https://access.redhat.com/errata/RHSA-2024:0602
Comment 33 errata-xmlrpc 2024-01-30 14:18:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0604 https://access.redhat.com/errata/RHSA-2024:0604
Comment 34 errata-xmlrpc 2024-01-30 14:18:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0605 https://access.redhat.com/errata/RHSA-2024:0605
Comment 35 errata-xmlrpc 2024-01-30 14:53:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0608 https://access.redhat.com/errata/RHSA-2024:0608
Comment 36 errata-xmlrpc 2024-01-30 14:54:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0609 https://access.redhat.com/errata/RHSA-2024:0609
Comment 37 errata-xmlrpc 2024-01-30 15:21:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:0615 https://access.redhat.com/errata/RHSA-2024:0615
Comment 38 errata-xmlrpc 2024-01-30 15:22:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:0616 https://access.redhat.com/errata/RHSA-2024:0616
Comment 39 errata-xmlrpc 2024-01-30 16:07:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0622 https://access.redhat.com/errata/RHSA-2024:0622
Comment 40 errata-xmlrpc 2024-01-30 16:08:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0623 https://access.redhat.com/errata/RHSA-2024:0623
Comment 41 errata-xmlrpc 2024-01-31 07:07:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:0619 https://access.redhat.com/errata/RHSA-2024:0619
Comment 42 errata-xmlrpc 2024-01-31 07:07:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:0618 https://access.redhat.com/errata/RHSA-2024:0618
Note You need to log in before you can comment on or make changes to this bug.