CVE-2024-11695
published 2024-11-26CVE-2024-11695: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This…
medium5.4CVSS 3.1
AVNACLPRNUIRSUCLILAN
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 133.0-1 (sid) | firefox 133.0-1 (sid) |
| debian | firefox-esr | < firefox 133.0-1 (sid) | firefox 133.0-1 (sid) |
| debian | thunderbird | < firefox 133.0-1 (sid) | firefox 133.0-1 (sid) |
| mozilla | firefox | < 128.5.0 | 128.5.0 |
| mozilla | firefox | < 133.0 | 133.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 133.0+build2-0ubuntu0.20.04.1 | 133.0+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 133 | 133 |
| mozilla | firefox_esr | >= unspecified < 128.5 | 128.5 |
| mozilla | thunderbird | < 128.5.0 | 128.5.0 |
| mozilla | thunderbird | >= 0 < 1:128.5.0esr-1~deb11u1 | 1:128.5.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:128.5.0esr-1~deb12u1 | 1:128.5.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:128.5.0esr-1 | 1:128.5.0esr-1 |
| mozilla | thunderbird | >= 0 < 1:128.5.0esr-1 | 1:128.5.0esr-1 |
| mozilla | thunderbird | >= 129.0 < 133.0 | 133.0 |
| mozilla | thunderbird | >= unspecified < 133 | 133 |
| mozilla | thunderbird | >= unspecified < 128.5 | 128.5 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
osv5.4MEDIUM
OSV
firefox vulnerabilities
osv·2024-12-03·CVSS 4.3
CVE-2024-11692 [MEDIUM] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-11692,
CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697,
CVE-2024-11699, CVE-2024-11701, CVE-2024-11704, CVE-2024-11705,
CVE-2024-11706, CVE-2024-11708)
OSV
CVE-2024-11695: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing atta
osv·2024-11-26·CVSS 5.4
CVE-2024-11695 [MEDIUM] CVE-2024-11695: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing atta
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
GHSA
GHSA-rh22-rcv2-42x3: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing atta
ghsa_unreviewed·2024-11-26
CVE-2024-11695 [MEDIUM] CWE-1021 GHSA-rh22-rcv2-42x3: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing atta
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-12-03·CVSS 4.3
CVE-2024-11692 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-11692,
CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697,
CVE-2024-11699, CVE-2024-11701, CVE-2024-11704, CVE-2024-11705,
CVE-2024-11706, CVE-2024-11708)
Instructions: After a standard system update you need to restart Firefox to make all the
necessary changes
Red Hat
firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
vendor_redhat·2024-11-26·CVSS 5.4
CVE-2024-11695 [MEDIUM] CWE-451 firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 10) - Affected
Pa
Debian
CVE-2024-11695: firefox - A crafted URL containing Arabic script and whitespace characters could have hidd...
vendor_debian·2024·CVSS 5.4
CVE-2024-11695 [MEDIUM] CVE-2024-11695: firefox - A crafted URL containing Arabic script and whitespace characters could have hidd...
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Scope: local
sid: resolved (fixed in 133.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-64: CVE-2024-11695
vendor_mozilla·CVSS 5.4
CVE-2024-11695 [MEDIUM] Mozilla Foundation Security Advisory 2024-64: CVE-2024-11695
Mozilla Foundation Security Advisory 2024-64
CVE: CVE-2024-11695
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 128.5
Mozilla
Mozilla Foundation Security Advisory 2024-63: CVE-2024-11695
vendor_mozilla·CVSS 5.4
CVE-2024-11695 [MEDIUM] Mozilla Foundation Security Advisory 2024-63: CVE-2024-11695
Mozilla Foundation Security Advisory 2024-63
CVE: CVE-2024-11695
Product: Firefox
Impact: high
Fixed in: Firefox 133
Mozilla
Mozilla Foundation Security Advisory 2024-68: CVE-2024-11695
vendor_mozilla·CVSS 5.4
CVE-2024-11695 [MEDIUM] Mozilla Foundation Security Advisory 2024-68: CVE-2024-11695
Mozilla Foundation Security Advisory 2024-68
CVE: CVE-2024-11695
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 128.5
Mozilla
Mozilla Foundation Security Advisory 2024-67: CVE-2024-11695
vendor_mozilla·CVSS 5.4
CVE-2024-11695 [MEDIUM] Mozilla Foundation Security Advisory 2024-67: CVE-2024-11695
Mozilla Foundation Security Advisory 2024-67
CVE: CVE-2024-11695
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 133
No detection rules found.
No public exploits indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1925496https://www.mozilla.org/security/advisories/mfsa2024-63/https://www.mozilla.org/security/advisories/mfsa2024-64/https://www.mozilla.org/security/advisories/mfsa2024-67/https://www.mozilla.org/security/advisories/mfsa2024-68/https://lists.debian.org/debian-lts-announce/2024/11/msg00029.html
2024-11-26
Published