CVE-2024-11696
published 2024-11-26
Medium · 5.4 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
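A minimal model of the failure mode described above, added here as an illustration and not taken from Firefox or Thunderbird source. Only the name `loadManifestFromFile` comes from the advisory; its body, the sample add-ons, and the choice to disable an add-on whose manifest cannot be loaded are assumptions.

```javascript
// Added illustration, not Mozilla's code. Only the name loadManifestFromFile
// comes from the advisory; its body here and every other name are hypothetical.

// Constructed sample data: three installed add-ons, checked in this order.
const SAMPLE = [
  { id: "ok@example", manifest: '{"manifest_version": 2}', signed: true },
  { id: "broken@example", manifest: '{"manifest_version": ', signed: true },
  { id: "tampered@example", manifest: '{"manifest_version": 2}', signed: false },
];

// Stand-in parser: throws on an invalid or unsupported manifest.
function loadManifestFromFile(addon) {
  const manifest = JSON.parse(addon.manifest); // SyntaxError on invalid JSON
  if (![2, 3].includes(manifest.manifest_version)) {
    throw new Error(`unsupported manifest in ${addon.id}`);
  }
  return manifest;
}

// Fail-open pattern: an exception from one add-on ends the whole pass,
// so add-ons later in the list are never checked.
function verifyFragile(addons) {
  for (const addon of addons) {
    loadManifestFromFile(addon);
    if (!addon.signed) addon.enabled = false;
  }
}

// Fail-closed pattern: contain the error per add-on, treat that add-on as
// unverified, and keep checking the rest.
function verifyHardened(addons) {
  for (const addon of addons) {
    try {
      loadManifestFromFile(addon);
      if (!addon.signed) addon.enabled = false;
    } catch (err) {
      addon.enabled = false;
    }
  }
}

// Runs one pass over a fresh copy and returns the ids still enabled.
function enabledAfter(verify) {
  const addons = SAMPLE.map((a) => ({ ...a, enabled: true }));
  try { verify(addons); } catch (err) { /* runtime error surfaces here */ }
  return addons.filter((a) => a.enabled).map((a) => a.id);
}
```

With the fragile pass, the unsigned add-on listed after the broken manifest stays enabled; with the hardened pass, only the validly signed add-on remains enabled.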
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 133.0-1 (sid) | firefox 133.0-1 (sid) |
| debian | firefox-esr | < firefox 133.0-1 (sid) | firefox 133.0-1 (sid) |
| debian | thunderbird | < firefox 133.0-1 (sid) | firefox 133.0-1 (sid) |
| mozilla | firefox | < 128.5.0 | 128.5.0 |
| mozilla | firefox | < 133.0 | 133.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 133.0+build2-0ubuntu0.20.04.1 | 133.0+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 133 | 133 |
| mozilla | firefox_esr | >= unspecified < 128.5 | 128.5 |
| mozilla | thunderbird | < 128.5.0 | 128.5.0 |
| mozilla | thunderbird | >= 0 < 1:128.5.0esr-1~deb11u1 | 1:128.5.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:128.5.0esr-1~deb12u1 | 1:128.5.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:128.5.0esr-1 | 1:128.5.0esr-1 |
| mozilla | thunderbird | >= 0 < 1:128.5.0esr-1 | 1:128.5.0esr-1 |
| mozilla | thunderbird | >= 129.0 < 133.0 | 133.0 |
| mozilla | thunderbird | >= unspecified < 133 | 133 |
| mozilla | thunderbird | >= unspecified < 128.5 | 128.5 |
CVSS provenance
nvd · v3.1 · 5.4 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
osv · 5.4 MEDIUM
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-12-03·CVSS 4.3
CVE-2024-11692 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-11692,
CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697,
CVE-2024-11699, CVE-2024-11701, CVE-2024-11704, CVE-2024-11705,
CVE-2024-11706, CVE-2024-11708)
Instructions: After a standard system update you need to restart Firefox to make all the
necessary changes.
Red Hat
firefox: thunderbird: Unhandled Exception in Add-on Signature Verification
vendor_redhat·2024-11-26·CVSS 5.4
CVE-2024-11696 [MEDIUM] CWE-354 firefox: thunderbird: Unhandled Exception in Add-on Signature Verification
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
The Mozilla Foundation's Security Advisory: T
Debian
CVE-2024-11696: firefox - The application failed to account for exceptions thrown by the `loadManifestFrom...
vendor_debian·2024·CVSS 5.4
CVE-2024-11696 [MEDIUM] CVE-2024-11696: firefox - The application failed to account for exceptions thrown by the `loadManifestFrom...
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Scope: local
sid: resolved (fixed in 133.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-67: CVE-2024-11696
vendor_mozilla·CVSS 5.4
CVE-2024-11696 [MEDIUM] Mozilla Foundation Security Advisory 2024-67: CVE-2024-11696
Mozilla Foundation Security Advisory 2024-67
CVE: CVE-2024-11696
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 133
Mozilla
Mozilla Foundation Security Advisory 2024-68: CVE-2024-11696
vendor_mozilla·CVSS 5.4
CVE-2024-11696 [MEDIUM] Mozilla Foundation Security Advisory 2024-68: CVE-2024-11696
Mozilla Foundation Security Advisory 2024-68
CVE: CVE-2024-11696
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 128.5
Mozilla
Mozilla Foundation Security Advisory 2024-64: CVE-2024-11696
vendor_mozilla·CVSS 5.4
CVE-2024-11696 [MEDIUM] Mozilla Foundation Security Advisory 2024-64: CVE-2024-11696
Mozilla Foundation Security Advisory 2024-64
CVE: CVE-2024-11696
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 128.5
Mozilla
Mozilla Foundation Security Advisory 2024-63: CVE-2024-11696
vendor_mozilla·CVSS 5.4
CVE-2024-11696 [MEDIUM] Mozilla Foundation Security Advisory 2024-63: CVE-2024-11696
Mozilla Foundation Security Advisory 2024-63
CVE: CVE-2024-11696
Product: Firefox
Impact: high
Fixed in: Firefox 133
OSV
firefox vulnerabilities
osv·2024-12-03·CVSS 4.3
CVE-2024-11692 [MEDIUM] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-11692,
CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697,
CVE-2024-11699, CVE-2024-11701, CVE-2024-11704, CVE-2024-11705,
CVE-2024-11706, CVE-2024-11708)
GHSA
GHSA-g5wv-cvf4-2r98: The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification
ghsa_unreviewed·2024-11-26
CVE-2024-11696 [MEDIUM] CWE-347 GHSA-g5wv-cvf4-2r98: The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
OSV
CVE-2024-11696: The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification
osv·2024-11-26·CVSS 5.4
CVE-2024-11696 [MEDIUM] CVE-2024-11696: The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
No detection rules found.
No public exploits indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1929600
https://www.mozilla.org/security/advisories/mfsa2024-63/
https://www.mozilla.org/security/advisories/mfsa2024-64/
https://www.mozilla.org/security/advisories/mfsa2024-67/
https://www.mozilla.org/security/advisories/mfsa2024-68/
https://lists.debian.org/debian-lts-announce/2024/11/msg00029.html