How severe is CVE-2024-0749?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2024-0749?

This is classified as CWE-346, which is a common weakness in software security.

CVE-2024-0749

MEDIUM Year: 2024

CVSS v3 Score

4.3

Medium

Weakness Type

CWE-346

View all →

Vulnerability Description

A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.

CVE-2017-8523

MEDIUM

CVSS:4.3(Medium)

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to co...

CWE-3462017

CVE-2018-8112

MEDIUM

CVSS:4.3(Medium)

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft ...

CWE-3462018

CVE-2018-8235

MEDIUM

CVSS:4.3(Medium)

CWE-3462018

CVE-2019-1413

MEDIUM

CVSS:4.3(Medium)

A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass ...

CWE-3462019

CVE-2020-12397

MEDIUM

CVSS:4.3(Medium)

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.

CWE-3462020

CVE-2020-28481

MEDIUM

CVSS:4.3(Medium)

The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.

CWE-3462020

CVE-2024-0749

Vulnerability Description

Related Vulnerabilities

CVE-2017-8523

CVE-2018-8112

CVE-2018-8235

CVE-2019-1413

CVE-2020-12397

CVE-2020-28481