CVE-2024-11706

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 26, 2024
CWE ID 476

Summary

CVE-2024-11706 is a vulnerability affecting Firefox version 132 and older, as well as Thunderbird version 132 and below. The issue stems from a null pointer dereference in the `SEC_ASN1DecodeItem_Util` function within `pk12util`. This vulnerability is triggered when the function encounters malformed or improperly formatted input files. Successful exploitation could lead to application crashes and potentially more severe consequences, such as arbitrary code execution. Users of Firefox and Thunderbird are advised to update to the latest versions to mitigate this risk.

Affected Products

  • Mozilla Thunderbird
  • Mozilla Firefox

Affected Vendors

  • Mozilla