{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-10004","assignerOrgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","state":"PUBLISHED","assignerShortName":"mozilla","dateReserved":"2024-10-15T17:26:20.137Z","datePublished":"2024-10-15T21:29:01.383Z","dateUpdated":"2024-10-16T19:18:25.692Z"},"containers":{"cna":{"affected":[{"product":"Firefox for iOS","vendor":"Mozilla","versions":[{"lessThan":"131.2","status":"affected","version":"unspecified","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2.","supportingMedia":[{"type":"text/html","base64":false,"value":"Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2."}]}],"problemTypes":[{"descriptions":[{"description":"Opening external link to HTTP website could show an HTTPS padlock icon incorrectly","lang":"en","type":"text"}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1904885"},{"url":"https://www.mozilla.org/security/advisories/mfsa2024-54/"}],"credits":[{"lang":"en","value":"Erik van Straten"}],"providerMetadata":{"orgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","shortName":"mozilla","dateUpdated":"2024-10-15T21:29:01.383Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-1021","lang":"en","description":"CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}],"affected":[{"vendor":"mozilla","product":"firefox","cpes":["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*","cpe:2.3:a:mozilla:firefox:*:*:*:*:*:ipad_os:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"131.2","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.1,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-10-16T19:18:14.288936Z","id":"CVE-2024-10004","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-16T19:18:25.692Z"}}]}}