vulnrichment | Mozilla | VULNRICHMENT:CVE-2024-11697
History: Nov 26, 2024 - 1:33 p.m.

CVE-2024-11697

2024-11-26 13:33:59
mozilla
github.com
5
vulnerability
keypress events
malicious code execution
firefox
thunderbird

AI Score: 6.8
Confidence: Low

SSVC
Exploitation: none
Automatable: no
Technical Impact: total

When handling keypress events, an attacker may have been able to trick a user into bypassing the “Open Executable File?” confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*"
    ],
    "vendor": "mozilla",
    "product": "firefox",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "133",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"
    ],
    "vendor": "mozilla",
    "product": "firefox_esr",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "128.5",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*"
    ],
    "vendor": "mozilla",
    "product": "thunderbird",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "133",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "128.5",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
