CVE-2024-3863
published 2024-04-16
CVE-2024-3863: The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating…
critical 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The executable file warning was not presented when downloading .xrm-ms files.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| debian | firefox-esr | — | — |
| debian | thunderbird | — | — |
| mozilla | firefox | < 115.10.0 | 115.10.0 |
| mozilla | firefox | < 125.0 | 125.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 125 | 125 |
| mozilla | firefox_esr | >= unspecified < 115.10 | 115.10 |
| mozilla | thunderbird | < 115.10 | 115.10 |
| mozilla | thunderbird | >= unspecified < 115.10 | 115.10 |
GHSA
GHSA-3vhm-v3w9-8mr8: The executable file warning was not presented when downloading
ghsa_unreviewed·2024-04-16
CVE-2024-3863 [CRITICAL] CWE-434 GHSA-3vhm-v3w9-8mr8: The executable file warning was not presented when downloading
The executable file warning was not presented when downloading .xrm-ms files.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.
Red Hat
Mozilla: Download Protections were bypassed by .xrm-ms files on Windows
vendor_redhat·2024-04-16·CVSS 9.8
CVE-2024-3863 [CRITICAL] CWE-357 Mozilla: Download Protections were bypassed by .xrm-ms files on Windows
The executable file warning was not presented when downloading .xrm-ms files.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
The Mozilla Foundation Security Advisory describes this flaw as:
The executable file warning was not presented when downloading .xrm-ms files.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Re
Debian
CVE-2024-3863: firefox - The executable file warning was not presented when downloading .xrm-ms files. ...
vendor_debian·2024·CVSS 9.8
CVE-2024-3863 [CRITICAL] CVE-2024-3863: firefox - The executable file warning was not presented when downloading .xrm-ms files. ...
The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2024-18: CVE-2024-3863
vendor_mozilla·CVSS 9.8
CVE-2024-3863 [CRITICAL] Mozilla Foundation Security Advisory 2024-18: CVE-2024-3863
Mozilla Foundation Security Advisory 2024-18
CVE: CVE-2024-3863
Product: Firefox
Impact: high
Fixed in: Firefox 125
Mozilla
Mozilla Foundation Security Advisory 2024-20: CVE-2024-3863
vendor_mozilla·CVSS 9.8
CVE-2024-3863 [CRITICAL] Mozilla Foundation Security Advisory 2024-20: CVE-2024-3863
Mozilla Foundation Security Advisory 2024-20
CVE: CVE-2024-3863
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 115.10
Mozilla
Mozilla Foundation Security Advisory 2024-19: CVE-2024-3863
vendor_mozilla·CVSS 9.8
CVE-2024-3863 [CRITICAL] Mozilla Foundation Security Advisory 2024-19: CVE-2024-3863
Mozilla Foundation Security Advisory 2024-19
CVE: CVE-2024-3863
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 115.10
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1885855
https://www.mozilla.org/security/advisories/mfsa2024-18/
https://www.mozilla.org/security/advisories/mfsa2024-19/
https://www.mozilla.org/security/advisories/mfsa2024-20/
Published 2024-04-16