CVE-2024-11701

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-11701
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1914797 Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-63/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-67/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
History

05 Apr 2025, 00:36

Type Values Removed Values Added
First Time Mozilla
Mozilla thunderbird
Mozilla firefox
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1914797 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1914797 - Issue Tracking
References () https://www.mozilla.org/security/advisories/mfsa2024-63/ - () https://www.mozilla.org/security/advisories/mfsa2024-63/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-67/ - () https://www.mozilla.org/security/advisories/mfsa2024-67/ - Vendor Advisory
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
First Time Mozilla
Mozilla thunderbird
Mozilla firefox
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1914797 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1914797 - Issue Tracking
References () https://www.mozilla.org/security/advisories/mfsa2024-63/ - () https://www.mozilla.org/security/advisories/mfsa2024-63/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-67/ - () https://www.mozilla.org/security/advisories/mfsa2024-67/ - Vendor Advisory

27 Nov 2024, 16:15

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1914797 - Issue Tracking () https://bugzilla.mozilla.org/show_bug.cgi?id=1914797 -
References () https://www.mozilla.org/security/advisories/mfsa2024-63/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2024-63/ -
References () https://www.mozilla.org/security/advisories/mfsa2024-67/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2024-67/ -
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.3
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CWE CWE-290
Summary
  • (es) Es posible que se haya mostrado un dominio incorrecto en la barra de direcciones durante un intento de navegación interrumpido. Esto podría haber provocado confusión en el usuario y posibles ataques de suplantación de identidad. Esta vulnerabilidad afecta a Firefox &lt; 133 y Thunderbird &lt; 133.

26 Nov 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-26 14:15

Updated : 2025-04-05 00:36

NVD link : CVE-2024-11701

Mitre link : CVE-2024-11701

CVE.ORG link : CVE-2024-11701

JSON object : View

Products Affected

mozilla

  • thunderbird
  • firefox
CWE
CWE-290

Authentication Bypass by Spoofing