CVE Radar

CVE-2024-2609

Severity: Medium (Debian)
SVRS: 30/100
CVSSv3: 6.1/10
EPSS: 0.00433/1

CVE-2024-2609 is a clickjacking vulnerability in Firefox, Firefox ESR, and Thunderbird. The permission prompt's input delay, which is meant to stop a page from tricking the user into clicking a prompt that has only just appeared, could expire while the window was not in focus, so a malicious website could hijack a user's click on the prompt. With a SOCRadar Vulnerability Risk Score (SVRS) of 30, the vulnerability is not considered critical, but it should still be addressed in a timely manner: although the CVSS score is 6.1, the lower SVRS indicates limited real-world exploitability based on SOCRadar's vulnerability intelligence. Update to the latest versions of Firefox, Firefox ESR, and Thunderbird to mitigate the risk. While not immediately critical, patching remains important to prevent exploitation and maintain a strong security posture.

In The Wild
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Published: 2024-03-19
Updated: 2025-04-01

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-2609 | Mozilla Firefox up to 123 Permission Prompt ui layer (DLA 3791-1 / Nessus ID 208559)
Source: vuldb.com, 2025-04-14
A vulnerability classified as problematic has been found in Mozilla Firefox up to 123. This affects an unknown part of the component Permission Prompt Handler. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is uniquely identified as CVE-2024-2609. It is

CVE-2024-2609 | Mozilla Firefox up to 123 Permission Prompt ui layer (DLA 3791-1)
Source: vuldb.com, 2024-05-02
A vulnerability classified as problematic has been found in Mozilla Firefox up to 123. This affects an unknown part of the component Permission Prompt Handler. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is uniquely identified as CVE-2024-2609. It is possible to initiate

USN-6750-1: Thunderbird vulnerabilities
Source: ubuntu.com, 2024-04-25
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-2609, CVE-2024-3852, CVE-2024-3864) Bartek Nowotarski discovered that Thunderbird did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-3302) Lukas Bernhard discovered that Thunderbird did not properly manage memory during

Social Media

No tweets found for this CVE

Affected Software

Configuration 2
Type | Vendor | Product
OS   | Debian | debian_linux

References

Source | Link
[email protected] | https://bugzilla.mozilla.org/show_bug.cgi?id=1866100
[email protected] | https://www.mozilla.org/security/advisories/mfsa2024-12/
[email protected] | https://www.mozilla.org/security/advisories/mfsa2024-19/
[email protected] | https://www.mozilla.org/security/advisories/mfsa2024-20/
[email protected] | https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
[email protected] | https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
GITHUB | https://bugzilla.mozilla.org/show_bug.cgi?id=1866100
AF854A3A-2127-422B-91AE-364DA2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=1866100
AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
AF854A3A-2127-422B-91AE-364DA2661108 | https://www.mozilla.org/security/advisories/mfsa2024-12/
AF854A3A-2127-422B-91AE-364DA2661108 | https://www.mozilla.org/security/advisories/mfsa2024-19/
AF854A3A-2127-422B-91AE-364DA2661108 | https://www.mozilla.org/security/advisories/mfsa2024-20/

CWE Details

CWE ID | CWE Name | Description
CWE-356 | Product UI does not Warn User of Unsafe Actions | The software's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system.
