CVE-2024-11697
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Nov 26, 2024
Updated: Nov 27, 2024
CWE ID 94
Summary
CVE-2024-11697 is a cybersecurity vulnerability affecting Firefox versions under 133 and Firefox ESR under 128.5, as well as Thunderbird versions under 133 and Thunderbird ESR under 128.5. The issue lies in the handling of keypress events, which an attacker could exploit to bypass the "Open Executable File?" confirmation dialog. By tricking users into performing certain actions, the attacker might gain the ability to execute malicious code. Users are advised to update their browsers to the latest versions to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Mozilla Thunderbird
- Mozilla Firefox
- Mozilla Firefox ESR
Affected Vendors
- Mozilla