CVE-2024-11700

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-11700
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1836921 Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-63/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-67/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
History

03 Apr 2025, 13:32

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
First Time Mozilla
Mozilla thunderbird
Mozilla firefox
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1836921 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1836921 - Issue Tracking
References () https://www.mozilla.org/security/advisories/mfsa2024-63/ - () https://www.mozilla.org/security/advisories/mfsa2024-63/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-67/ - () https://www.mozilla.org/security/advisories/mfsa2024-67/ - Vendor Advisory

02 Dec 2024, 15:15

Type Values Removed Values Added
Summary (en) Malicious websites may have been able to user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133. (en) Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.

27 Nov 2024, 16:15

Type Values Removed Values Added
CWE CWE-1021
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.1
Summary
  • (es) Es posible que los sitios web maliciosos hayan podido confirmar la intención del usuario mediante tapjacking. Esto podría haber provocado que los usuarios aprobaran sin saberlo el lanzamiento de aplicaciones externas, lo que podría exponerlos a vulnerabilidades subyacentes. Esta vulnerabilidad afecta a Firefox &lt; 133 y Thunderbird &lt; 133.

26 Nov 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-26 14:15

Updated : 2025-04-03 13:32

NVD link : CVE-2024-11700

Mitre link : CVE-2024-11700

CVE.ORG link : CVE-2024-11700

JSON object : View

Products Affected

mozilla

  • firefox
  • thunderbird
CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames