CVE-2024-11706
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-11706 is a vulnerability affecting Firefox version 132 and older, as well as Thunderbird version 132 and older. The issue stems from a null pointer dereference in the `SEC_ASN1DecodeItem_Util` function within `pk12util`. The vulnerability is triggered when the function encounters malformed or improperly formatted input files. Successful exploitation could lead to application crashes and potentially more severe consequences, such as arbitrary code execution. Users of Firefox and Thunderbird are advised to update to the latest versions to mitigate this risk.
Affected Products
- Mozilla Thunderbird
- Mozilla Firefox
Affected Vendors
- Mozilla