CVE-2024-31392 - Vulnerability Details - OpenCVE

If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Apple	Iphone Os
Mozilla	Firefox

Configuration 1 [-]

AND

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1875925
https://www.mozilla.org/security/advisories/mfsa2024-17/

History

Wed, 09 Apr 2025 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple iphone Os
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:o:apple:iphone_os:-:::::::*
Vendors & Products		Apple Apple iphone Os

Wed, 30 Oct 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla firefox
CPEs		cpe:2.3:a:mozilla:firefox::::::iphone_os::*
Vendors & Products		Mozilla Mozilla firefox
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2024-04-03T15:19:14.608Z

Updated: 2024-10-30T16:15:31.793Z

Reserved: 2024-04-02T17:33:52.111Z

Link: CVE-2024-31392

Vulnrichment

Updated: 2024-08-02T01:52:56.841Z

NVD

Status : Analyzed

Published: 2024-04-03T16:15:07.230

Modified: 2025-04-09T14:12:48.583

Link: CVE-2024-31392

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31392", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2024-04-02T17:33:52.111Z", "datePublished": "2024-04-03T15:19:14.608Z", "dateUpdated": "2024-10-30T16:15:31.793Z"}, "containers": {"cna": {"affected": [{"product": "Firefox for iOS", "vendor": "Mozilla", "versions": [{"lessThan": "124", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124."}]}], "problemTypes": [{"descriptions": [{"description": "Firefox on iOS would show pages with mixed content secure", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875925"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-17/"}], "credits": [{"lang": "en", "value": "Chaykin Artem"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-04-03T15:19:14.608Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "affected": [{"vendor": "mozilla", "product": "firefox", "cpes": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "124", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-30T16:15:24.002365Z", "id": "CVE-2024-31392", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T16:15:31.793Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:52:56.841Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875925", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-17/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875925", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-17/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:52:56.841Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-31392", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-30T16:15:24.002365Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*"], "vendor": "mozilla", "product": "firefox", "versions": [{"status": "affected", "version": "0", "lessThan": "124", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:21.849Z"}}], "cna": {"credits": [{"lang": "en", "value": "Chaykin Artem"}], "affected": [{"vendor": "Mozilla", "product": "Firefox for iOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "124", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875925"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-17/"}], "descriptions": [{"lang": "en", "value": "If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124.", "supportingMedia": [{"type": "text/html", "value": "If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Firefox on iOS would show pages with mixed content secure"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-04-03T15:19:14.608Z"}}}, "cveMetadata": {"cveId": "CVE-2024-31392", "state": "PUBLISHED", "dateUpdated": "2024-10-30T16:15:31.793Z", "dateReserved": "2024-04-02T17:33:52.111Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2024-04-03T15:19:14.608Z", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "51AD5A20-78CC-40F0-822B-B0925B718800", "versionEndExcluding": "124.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124."}, {"lang": "es", "value": "Si se agregaba un elemento inseguro a una p\u00e1gina despu\u00e9s de un retraso, Firefox no reemplazar\u00eda el \u00edcono seguro con un estado de seguridad de contenido mixto. Esta vulnerabilidad afecta a Firefox para iOS < 124."}], "id": "CVE-2024-31392", "lastModified": "2025-04-09T14:12:48.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-03T16:15:07.230", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875925"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2024-17/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875925"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2024-17/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}