CVE-2024-11696 — Improper Verification of Cryptographic Signature in Mozilla Firefox
Severity
5.4 MEDIUM (NVD)
OSV: 4.3
EPSS
0.0%
top 86.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 26
Latest update: Dec 3
Description
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not t…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5
Affected Packages: 7 packages
Vulnerability Details (4)
CVEList
CVE-2024-11696: The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification (2024-11-26)
GHSA
GHSA-g5wv-cvf4-2r98: The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification (2024-11-26)
OSV
CVE-2024-11696: The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification (2024-11-26)
Vendor Advisories (7)
Debian
CVE-2024-11696: firefox - The application failed to account for exceptions thrown by the `loadManifestFrom... (2024)