www.cve.org
18.245.60.39  Public Scan

URL: https://www.cve.org/CVERecord?id=CVE-2024-11694
Submission: On December 04 via api from IN — Scanned from PL

Form analysis 0 forms found in the DOM

Text Content


NOTICE: On December 4, 2024, CVE Services will be unavailable from 1:00 – 3:00
PM EST, UTC-5, to undergo maintenance and deployment of CVE Record Format
Version 5.1.1, which adds new features for CVE Numbering Authorities (CNAs).
The CVE ID Lookup on this website will also be unavailable during this
timeframe.


CVE-2024-11694

PUBLISHED


REQUIRED CVE RECORD INFORMATION


CNA: MOZILLA CORPORATION

Published: 2024-11-26
Updated: 2024-11-26

DESCRIPTION

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP
`frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the
Web Compatibility extension. This issue could have exposed users to malicious
frames masquerading as legitimate content. This vulnerability affects Firefox <
133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and
Thunderbird < 128.5.



PRODUCT STATUS

Vendor   Product      Versions  Default Status  Status
Mozilla  Firefox      1 total   unknown         affected before 133
Mozilla  Firefox ESR  1 total   unknown         affected before 128.5
Mozilla  Firefox ESR  1 total   unknown         affected before 115.18
Mozilla  Thunderbird  1 total   unknown         affected before 133
Mozilla  Thunderbird  1 total   unknown         affected before 128.5


CREDITS

 * Masato Kinugawa

REFERENCES 6 TOTAL

 * https://bugzilla.mozilla.org/show_bug.cgi?id=1924167
 * https://www.mozilla.org/security/advisories/mfsa2024-63/
 * https://www.mozilla.org/security/advisories/mfsa2024-64/
 * https://www.mozilla.org/security/advisories/mfsa2024-65/
 * https://www.mozilla.org/security/advisories/mfsa2024-67/
 * https://www.mozilla.org/security/advisories/mfsa2024-68/


AUTHORIZED DATA PUBLISHERS


CISA-ADP

Use of the CVE® List and the associated references from this website are subject
to the terms of use. CVE is sponsored by the U.S. Department of Homeland
Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).
Copyright © 1999-2024, The MITRE Corporation. CVE and the CVE logo are
registered trademarks of The MITRE Corporation.