CVE-2024-11701: Authentication Bypass by Spoofing in Mozilla Firefox

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.2% (top 59.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 26 | Latest update Dec 3

Description

The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (5 packages)

CVEListV5 | mozilla/firefox | unspecified | 133
NVD | mozilla/firefox | < 133.0
CVEListV5 | mozilla/thunderbird | unspecified | 133
NVD | mozilla/thunderbird | < 133.0
Ubuntu | mozilla/firefox | < 133.0+build2-0ubuntu0.20.04.1

🔴 Vulnerability Details (4)

OSV | firefox vulnerabilities | 2024-12-03
OSV | CVE-2024-11701: The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt | 2024-11-26
CVEList | CVE-2024-11701: The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt | 2024-11-26
GHSA | GHSA-p9vw-xw86-3f2w: The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt | 2024-11-26

📋 Vendor Advisories (5)

Ubuntu | Firefox vulnerabilities | 2024-12-03
Red Hat | firefox: thunderbird: Misleading Address Bar State During Navigation Interruption | 2024-11-26
Debian | CVE-2024-11701: firefox - The incorrect domain may have been displayed in the address bar during an interr... | 2024
Mozilla | Mozilla Foundation Security Advisory 2024-67: CVE-2024-11701
Mozilla | Mozilla Foundation Security Advisory 2024-63: CVE-2024-11701