CVE-2024-11697

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 26, 2024
Updated: Nov 27, 2024
CWE ID 94

Summary

CVE-2024-11697 is a vulnerability affecting Firefox versions before 133 and Firefox ESR before 128.5, as well as Thunderbird versions before 133 and Thunderbird ESR before 128.5. The flaw lies in the handling of keypress events, which an attacker could exploit to bypass the "Open Executable File?" confirmation dialog. By tricking a user into performing certain actions, the attacker might gain the ability to execute malicious code. Users are advised to update Firefox and Thunderbird to the latest versions to mitigate this risk.

Affected Products

  • Mozilla Thunderbird
  • Mozilla Firefox
  • Mozilla Firefox ESR

Affected Vendors

  • Mozilla