CVE-2024-11696

{"id": "CVE-2024-11696", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-11-26T14:15:19.143", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600", "tags": ["Issue Tracking"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5."}, {"lang": "es", "value": "La aplicaci\u00f3n no tuvo en cuenta las excepciones generadas por el m\u00e9todo `loadManifestFromFile` durante la verificaci\u00f3n de la firma del complemento. Esta falla, provocada por un manifiesto de extensi\u00f3n no v\u00e1lido o no compatible, podr\u00eda haber causado errores de tiempo de ejecuci\u00f3n que interrumpieron el proceso de validaci\u00f3n de la firma. Como resultado, es posible que se haya omitido la aplicaci\u00f3n de la validaci\u00f3n de la firma para complementos no relacionados. La validaci\u00f3n de la firma en este contexto se utiliza para garantizar que las aplicaciones de terceros en la computadora del usuario no hayan alterado las extensiones del usuario, lo que limita el impacto de este problema. Esta vulnerabilidad afecta a Firefox &lt; 133, Firefox ESR &lt; 128.5, Thunderbird &lt; 133 y Thunderbird &lt; 128.5."}], "lastModified": "2025-06-24T17:01:51.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "vulnerable": true, "matchCriteriaId": "883C5169-FA69-4478-BE73-4F36AB746D39", "versionEndExcluding": "128.5.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "B0358306-5BCC-49DE-B7A5-429C8BC71BBA", "versionEndExcluding": "133.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C047DD2-FCBA-4474-8AAE-DBB9A5142E4F", "versionEndExcluding": "128.5.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "809C8F59-3AAB-49E8-9F18-6884EC6E4E92", "versionEndExcluding": "133.0", "versionStartIncluding": "129.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}