CVE-2024-0750

high

Published 2024-01-30 · Modified 2024-02-01

CVSS v3

—

CVSS v2

—

VIR risk

8.0

Description

Important: firefox security update

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-0603.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-0602.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-0609.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:0609

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-0608.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2259934

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2259933

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2259932

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2259931

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2259930

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2259929

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2259928

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2259927

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2259926

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:0608

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-0750

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:0608

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:0609

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:0603

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:0602

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description Mozilla: Potential permissions request bypass via clickjacking Red Hat statement Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux…

Description

Mozilla: Potential permissions request bypass via clickjacking

Red Hat statement

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 7	`firefox-0:115.7.0-1.el7_9`	RHSA-2024:0600	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 7	`thunderbird-0:115.7.0-1.el7_9`	RHSA-2024:0601	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8	`firefox-0:115.7.0-1.el8_9`	RHSA-2024:0608	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8	`thunderbird-0:115.7.0-1.el8_9`	RHSA-2024:0609	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support	`firefox-0:115.7.0-1.el8_2`	RHSA-2024:0618	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support	`thunderbird-0:115.7.0-1.el8_2`	RHSA-2024:0619	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service	`firefox-0:115.7.0-1.el8_2`	RHSA-2024:0618	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service	`thunderbird-0:115.7.0-1.el8_2`	RHSA-2024:0619	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	`firefox-0:115.7.0-1.el8_2`	RHSA-2024:0618	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	`thunderbird-0:115.7.0-1.el8_2`	RHSA-2024:0619	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	`firefox-0:115.7.0-1.el8_4`	RHSA-2024:0559	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	`thunderbird-0:115.7.0-1.el8_4`	RHSA-2024:0565	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service	`firefox-0:115.7.0-1.el8_4`	RHSA-2024:0559	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service	`thunderbird-0:115.7.0-1.el8_4`	RHSA-2024:0565	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	`firefox-0:115.7.0-1.el8_4`	RHSA-2024:0559	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	`thunderbird-0:115.7.0-1.el8_4`	RHSA-2024:0565	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support	`firefox-0:115.7.0-1.el8_6`	RHSA-2024:0622	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support	`thunderbird-0:115.7.0-1.el8_6`	RHSA-2024:0623	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support	`firefox-0:115.7.0-1.el8_8`	RHSA-2024:0596	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support	`thunderbird-0:115.7.0-1.el8_8`	RHSA-2024:0598	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9	`thunderbird-0:115.7.0-1.el9_3`	RHSA-2024:0602	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9	`firefox-0:115.7.0-1.el9_3`	RHSA-2024:0603	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support	`firefox-0:115.7.0-1.el9_0`	RHSA-2024:0615	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support	`thunderbird-0:115.7.0-1.el9_0`	RHSA-2024:0616	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support	`firefox-0:115.7.0-1.el9_2`	RHSA-2024:0604	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support	`thunderbird-0:115.7.0-1.el9_2`	RHSA-2024:0605	2024-01-30T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 6	`firefox`	Out of support scope
Red Hat Enterprise Linux 6	`thunderbird`	Out of support scope

Apply commands

bash fix

Apply RHSA-2024:0600 for Red Hat Enterprise Linux 7

yum update -y firefox
# or:
dnf upgrade -y firefox

OS impact

OS	Version	Status	Fixed in
rhel	9	fixed
rocky	8	fixed
debian	sid	fixed	`122.0-1`
debian	bookworm	fixed	`115.7.0esr-1~deb12u1`
debian	bullseye	fixed	`115.7.0esr-1~deb11u1`
debian	forky	fixed	`115.7.0esr-1`
debian	trixie	fixed	`115.7.0esr-1`

References

Verify integrity in audit chain (admin only). AS-IS.