CVE-2024-11701

Published: Nov 26, 2024Modified: Apr 5, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.

Affected (2)

Products: Mozilla: Firefox, Thunderbird

Mozilla

2 products

Firefox

Thunderbird

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 133.0
Mozilla Thunderbird	Before 133.0

Related CWEs

CWE-290

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (3)

https://bugzilla.mozilla.org/show_bug.cgi?id=1914797

Source: security@mozilla.org

Issue Tracking

https://www.mozilla.org/security/advisories/mfsa2024-63/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2024-67/

Source: security@mozilla.org

Vendor Advisory

Timeline

No history available yet.