CVE-2024-11694
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Nov 26, 2024
Updated: Dec 13, 2024
CWE ID 79
Summary
CVE-2024-11694 is a vulnerability affecting Firefox versions below 133, Firefox ESR below 128.5, Firefox ESR below 115.18, Thunderbird versions below 133, Thunderbird versions below 128.5, and Thunderbird versions below 115.18. In Enhanced Tracking Protection's Strict mode, a CSP `frame-src` bypass and DOM-based XSS were discovered. These issues were linked to the Google SafeFrame shim in the Web Compatibility extension. Malicious frames that mimicked legitimate content could have exploited this vulnerability, posing a risk to users.
Affected Products
- Mozilla Thunderbird
- Mozilla Firefox
Affected Vendors
- Mozilla