CVE-2024-11700
published 2024-11-26
CVE-2024-11700: Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of…
high 8.1 CVSS 3.1
AV:N AC:L PR:N UI:R S:U C:H I:H A:N
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 134.0-1 (sid) | firefox 134.0-1 (sid) |
| mozilla | firefox | < 133.0 | 133.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 133 | 133 |
| mozilla | thunderbird | < 133.0 | 133.0 |
| mozilla | thunderbird | >= unspecified < 133 | 133 |
CVSS provenance
nvd v3.1 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
osv 8.1 HIGH
Red Hat
firefox: thunderbird: Potential Tapjacking Exploit for Intent Confirmation on Android
vendor_redhat·2024-11-26·CVSS 8.1
CVE-2024-11700 [HIGH] CWE-356 firefox: thunderbird: Potential Tapjacking Exploit for Intent Confirmation on Android
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.
The Mozilla Foundation's Security Advisory: Malicious websites may be able to perform user intent confirmation through tapjacking. This could lead to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox
Debian
CVE-2024-11700: firefox - Malicious websites may have been able to perform user intent confirmation throug...
vendor_debian·2024·CVSS 8.1
CVE-2024-11700 [HIGH] CVE-2024-11700: firefox - Malicious websites may have been able to perform user intent confirmation throug...
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Scope: local
sid: resolved (fixed in 134.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-67: CVE-2024-11700
vendor_mozilla·CVSS 8.1
CVE-2024-11700 [HIGH] Mozilla Foundation Security Advisory 2024-67: CVE-2024-11700
Mozilla Foundation Security Advisory 2024-67
CVE: CVE-2024-11700
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 133
Mozilla
Mozilla Foundation Security Advisory 2024-63: CVE-2024-11700
vendor_mozilla·CVSS 8.1
CVE-2024-11700 [HIGH] Mozilla Foundation Security Advisory 2024-63: CVE-2024-11700
Mozilla Foundation Security Advisory 2024-63
CVE: CVE-2024-11700
Product: Firefox
Impact: high
Fixed in: Firefox 133
OSV
CVE-2024-11700: Malicious websites may have been able to perform user intent confirmation through tapjacking
osv·2024-11-26·CVSS 8.1
CVE-2024-11700 [HIGH] CVE-2024-11700: Malicious websites may have been able to perform user intent confirmation through tapjacking
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.
GHSA
GHSA-845f-27fw-gjw9: Malicious websites may have been able to perform user intent confirmation through tapjacking
ghsa_unreviewed·2024-11-26
CVE-2024-11700 [HIGH] CWE-1021 GHSA-845f-27fw-gjw9: Malicious websites may have been able to perform user intent confirmation through tapjacking
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-11-26
Published