CVE-2024-11694

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 26, 2024
Updated: Dec 13, 2024
CWE ID 79

Summary

CVE-2024-11694 is a vulnerability affecting Firefox versions below 133, Firefox ESR below 128.5, Firefox ESR below 115.18, Thunderbird versions below 133, Thunderbird versions below 128.5, and Thunderbird versions below 115.18. In Enhanced Tracking Protection's Strict mode, a CSP `frame-src` bypass and DOM-based XSS were discovered. These issues were linked to the Google SafeFrame shim in the Web Compatibility extension. Malicious frames that mimicked legitimate content could have exploited this vulnerability, posing a risk to users.


Affected Products

  • Mozilla Thunderbird
  • Mozilla Firefox

Affected Vendors

  • Mozilla