CVE-2024-11701

The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1914797	Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-63/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-67/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

History

05 Apr 2025, 00:36

Type	Values Removed	Values Added
First Time		Mozilla Mozilla firefox Mozilla thunderbird
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1914797 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1914797 - Issue Tracking
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-63/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-63/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-67/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-67/ - Vendor Advisory
CPE		cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:thunderbird::::::::

Information

Published : 2024-11-26 14:15

Updated : 2025-04-05 00:36

NVD link : CVE-2024-11701

Mitre link : CVE-2024-11701

CVE.ORG link : CVE-2024-11701

JSON object : View

Products Affected

mozilla

firefox
thunderbird

CWE

CWE-290

Authentication Bypass by Spoofing

{"id": "CVE-2024-11701", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-11-26T14:15:19.617", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1914797", "tags": ["Issue Tracking"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133."}, {"lang": "es", "value": "Es posible que se haya mostrado un dominio incorrecto en la barra de direcciones durante un intento de navegaci\u00f3n interrumpido. Esto podr\u00eda haber provocado confusi\u00f3n en el usuario y posibles ataques de suplantaci\u00f3n de identidad. Esta vulnerabilidad afecta a Firefox < 133 y Thunderbird < 133."}], "lastModified": "2025-04-05T00:36:49.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F82571FC-4DDE-4C63-BD2B-8CF2FFEA28A8", "versionEndExcluding": "133.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75D1724C-A89A-46A9-988C-09A4019D9956", "versionEndExcluding": "133.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}