CVE-2024-11693
published 2024-11-26CVE-2024-11693: The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
The executable file warning was not presented when downloading .library-ms files.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| debian | firefox-esr | — | — |
| debian | thunderbird | — | — |
| mozilla | firefox | < 128.5.0 | 128.5.0 |
| mozilla | firefox | < 133.0 | 133.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 133 | 133 |
| mozilla | firefox_esr | >= unspecified < 128.5 | 128.5 |
| mozilla | thunderbird | < 128.5.0 | 128.5.0 |
| mozilla | thunderbird | >= 129.0 < 133.0 | 133.0 |
| mozilla | thunderbird | >= unspecified < 133 | 133 |
| mozilla | thunderbird | >= unspecified < 128.5 | 128.5 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
Red Hat
firefox: thunderbird: Download Protections were bypassed by .library-ms files on Windows
vendor_redhat·2024-11-26·CVSS 9.8
CVE-2024-11693 [CRITICAL] CWE-356 firefox: thunderbird: Download Protections were bypassed by .library-ms files on Windows
firefox: thunderbird: Download Protections were bypassed by .library-ms files on Windows
The executable file warning was not presented when downloading .library-ms files.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: The executable file warning was not presented when downloading .library-ms files. Note: This issue only affected Windows operating systems. Other operating systems are unaffected.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package:
Debian
CVE-2024-11693: firefox - The executable file warning was not presented when downloading .library-ms files...
vendor_debian·2024·CVSS 9.8
CVE-2024-11693 [CRITICAL] CVE-2024-11693: firefox - The executable file warning was not presented when downloading .library-ms files...
The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2024-63: CVE-2024-11693
vendor_mozilla·CVSS 9.8
CVE-2024-11693 [CRITICAL] Mozilla Foundation Security Advisory 2024-63: CVE-2024-11693
Mozilla Foundation Security Advisory 2024-63
CVE: CVE-2024-11693
Product: Firefox
Impact: high
Fixed in: Firefox 133
Mozilla
Mozilla Foundation Security Advisory 2024-68: CVE-2024-11693
vendor_mozilla·CVSS 9.8
CVE-2024-11693 [CRITICAL] Mozilla Foundation Security Advisory 2024-68: CVE-2024-11693
Mozilla Foundation Security Advisory 2024-68
CVE: CVE-2024-11693
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 128.5
Mozilla
Mozilla Foundation Security Advisory 2024-64: CVE-2024-11693
vendor_mozilla·CVSS 9.8
CVE-2024-11693 [CRITICAL] Mozilla Foundation Security Advisory 2024-64: CVE-2024-11693
Mozilla Foundation Security Advisory 2024-64
CVE: CVE-2024-11693
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 128.5
Mozilla
Mozilla Foundation Security Advisory 2024-67: CVE-2024-11693
vendor_mozilla·CVSS 9.8
CVE-2024-11693 [CRITICAL] Mozilla Foundation Security Advisory 2024-67: CVE-2024-11693
Mozilla Foundation Security Advisory 2024-67
CVE: CVE-2024-11693
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 133
OSV
CVE-2024-11693: The executable file warning was not presented when downloading
osv·2024-11-26·CVSS 9.8
CVE-2024-11693 [CRITICAL] CVE-2024-11693: The executable file warning was not presented when downloading
The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
GHSA
GHSA-qxf6-g9x3-8w74: The executable file warning was not presented when downloading
ghsa_unreviewed·2024-11-26
CVE-2024-11693 [CRITICAL] GHSA-qxf6-g9x3-8w74: The executable file warning was not presented when downloading
The executable file warning was not presented when downloading .library-ms files.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-11-26
Published