Name | CVE-2024-0742 |
Description | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-3720-1, DLA-3727-1, DSA-5605-1, DSA-5606-1 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
firefox (PTS) | sid | 132.0.2-1 | fixed |
firefox-esr (PTS) | jessie, jessie (lts) | 68.9.0esr-1~deb8u2 | vulnerable |
firefox-esr | stretch (security), stretch (lts), stretch | 91.11.0esr-1~deb9u1 | vulnerable |
firefox-esr | buster (security), buster, buster (lts) | 115.12.0esr-1~deb10u1 | fixed |
firefox-esr | bullseye | 115.14.0esr-1~deb11u1 | fixed |
firefox-esr | bullseye (security) | 128.4.0esr-1~deb11u1 | fixed |
firefox-esr | bookworm | 128.3.1esr-1~deb12u1 | fixed |
firefox-esr | bookworm (security) | 128.4.0esr-1~deb12u1 | fixed |
firefox-esr | sid, trixie | 128.4.0esr-1 | fixed |
thunderbird (PTS) | jessie, jessie (lts) | 1:68.9.0-1~deb8u2 | vulnerable |
thunderbird | stretch (security), stretch (lts), stretch | 1:91.10.0-1~deb9u1 | vulnerable |
thunderbird | buster (security), buster, buster (lts) | 1:115.12.0-1~deb10u1 | fixed |
thunderbird | bullseye | 1:115.12.0-1~deb11u1 | fixed |
thunderbird | bullseye (security) | 1:128.4.3esr-1~deb11u1 | fixed |
thunderbird | bookworm | 1:115.16.0esr-1~deb12u1 | fixed |
thunderbird | bookworm (security) | 1:128.4.3esr-1~deb12u1 | fixed |
thunderbird | sid, trixie | 1:128.4.3esr-1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
firefox | source | (unstable) | 122.0-1 | | | |
firefox-esr | source | jessie | (unfixed) | end-of-life | | |
firefox-esr | source | stretch | (unfixed) | end-of-life | | |
firefox-esr | source | buster | 115.7.0esr-1~deb10u1 | | DLA-3727-1 | |
firefox-esr | source | bullseye | 115.7.0esr-1~deb11u1 | | DSA-5606-1 | |
firefox-esr | source | bookworm | 115.7.0esr-1~deb12u1 | | DSA-5606-1 | |
firefox-esr | source | (unstable) | 115.7.0esr-1 | | | |
thunderbird | source | jessie | (unfixed) | end-of-life | | |
thunderbird | source | stretch | (unfixed) | end-of-life | | |
thunderbird | source | buster | 1:115.7.0-1~deb10u1 | | DLA-3720-1 | |
thunderbird | source | bullseye | 1:115.7.0-1~deb11u1 | | DSA-5605-1 | |
thunderbird | source | bookworm | 1:115.7.0-1~deb12u1 | | DSA-5605-1 | |
thunderbird | source | (unstable) | 1:115.7.0-1 | | | |
https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0742
https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0742
https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0742