CVE-2024-11702

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 26, 2024
Updated: Nov 27, 2024
CWE ID 838

Summary

CVE-2024-11702 is a vulnerability affecting Firefox version 132 and earlier, as well as Thunderbird version 132 and below for Android. In Private Browsing mode, this issue allows for the inadvertent storage of sensitive information, such as passwords, in cloud-based clipboard history if the feature is enabled. The vulnerability arises due to a misconfiguration, enabling copied data from Private Browsing sessions to be synced across devices and stored in the cloud. This could potentially lead to unintended disclosure of private information.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Mozilla Thunderbird
  • Mozilla Firefox

Affected Vendors

  • Mozilla