
CVE-2024-11696 – firefox: thunderbird: Unhandled Exception in Add-on Signature Verification
https://notcve.org/view.php?id=CVE-2024-11696
26 Nov 2024 — The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with... • https://bugzilla.mozilla.org/show_bug.cgi?id=1929600 • CWE-347: Improper Verification of Cryptographic Signature CWE-354: Improper Validation of Integrity Check Value •

CVE-2024-11703
https://notcve.org/view.php?id=CVE-2024-11703
26 Nov 2024 — On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133. • https://bugzilla.mozilla.org/show_bug.cgi?id=1928779 • CWE-522: Insufficiently Protected Credentials •

CVE-2024-11695 – firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
https://notcve.org/view.php?id=CVE-2024-11695
26 Nov 2024 — A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing at... • https://bugzilla.mozilla.org/show_bug.cgi?id=1925496 • CWE-451: User Interface (UI) Misrepresentation of Critical Information CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVE-2024-11694 – firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
https://notcve.org/view.php?id=CVE-2024-11694
26 Nov 2024 — Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5. • https://bugzilla.mozilla.org/show_bug.cgi?id=1924167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-11693
https://notcve.org/view.php?id=CVE-2024-11693
26 Nov 2024 — The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. • https://bugzilla.mozilla.org/show_bug.cgi?id=1921458 •

CVE-2024-11702
https://notcve.org/view.php?id=CVE-2024-11702
26 Nov 2024 — Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133. • https://bugzilla.mozilla.org/show_bug.cgi?id=1918884 • CWE-838: Inappropriate Encoding for Output Context •

CVE-2024-11701 – Ubuntu Security Notice USN-7134-1
https://notcve.org/view.php?id=CVE-2024-11701
26 Nov 2024 — The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1914797 • CWE-290: Authentication Bypass by Spoofing •

CVE-2024-11692 – firefox: thunderbird: Select list elements could be shown over another site
https://notcve.org/view.php?id=CVE-2024-11692
26 Nov 2024 — An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. Multiple security is... • https://bugzilla.mozilla.org/show_bug.cgi?id=1909535 • CWE-290: Authentication Bypass by Spoofing CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVE-2024-11700 – Gentoo Linux Security Advisory 202501-10
https://notcve.org/view.php?id=CVE-2024-11700
26 Nov 2024 — Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133. • https://bugzilla.mozilla.org/show_bug.cgi?id=1836921 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVE-2024-11691
https://notcve.org/view.php?id=CVE-2024-11691
26 Nov 2024 — Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5. • https://bugzilla.mozilla.org/show_bug.cgi?id=1914707 • CWE-787: Out-of-bounds Write •