CVE-2024-11692Authentication Bypass by Spoofing in Mozilla Firefox

CWE-290Authentication Bypass by SpoofingCWE-451User Interface (UI) Misrepresentation of Critical Information12 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 75.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedNov 26
Latest updateDec 3

Description

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages7 packages

CVEListV5mozilla/firefoxunspecified133
NVDmozilla/firefox< 128.5.0+1
CVEListV5mozilla/firefox_esrunspecified128.5
CVEListV5mozilla/thunderbirdunspecified133+1
NVDmozilla/thunderbird129.0133.0+1

🔴Vulnerability Details

4
OSV
firefox vulnerabilities2024-12-03
GHSA
GHSA-cpxj-fx45-9pgm: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks2024-11-26
CVEList
CVE-2024-11692: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks2024-11-26
OSV
CVE-2024-11692: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks2024-11-26

📋Vendor Advisories

7
Ubuntu
Firefox vulnerabilities2024-12-03
Red Hat
firefox: thunderbird: Select list elements could be shown over another site2024-11-26
Debian
CVE-2024-11692: firefox - An attacker could cause a select dropdown to be shown over another tab; this cou...2024
Mozilla
Mozilla Foundation Security Advisory 2024-68: CVE-2024-11692
Mozilla
Mozilla Foundation Security Advisory 2024-67: CVE-2024-11692
CVE-2024-11692 — Authentication Bypass by Spoofing | cvebase