CVE-2024-11702

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1918884	Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2024-63/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-67/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

History

05 Apr 2025, 00:41

Type	Values Removed	Values Added
CPE		cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:thunderbird::::::::
First Time		Mozilla Mozilla firefox Mozilla thunderbird
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1918884 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1918884 - Issue Tracking, Permissions Required
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-63/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-63/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2024-67/ -~~	() https://www.mozilla.org/security/advisories/mfsa2024-67/ - Vendor Advisory

Information

Published : 2024-11-26 14:15

Updated : 2025-04-05 00:41

NVD link : CVE-2024-11702

Mitre link : CVE-2024-11702

CVE.ORG link : CVE-2024-11702

JSON object : View

Products Affected

mozilla

firefox
thunderbird

CWE

CWE-838

Inappropriate Encoding for Output Context

{"id": "CVE-2024-11702", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-26T14:15:19.710", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1918884", "tags": ["Issue Tracking", "Permissions Required"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-838"}]}], "descriptions": [{"lang": "en", "value": "Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133."}, {"lang": "es", "value": "La copia de informaci\u00f3n confidencial de las pesta\u00f1as de Navegaci\u00f3n privada en Android, como las contrase\u00f1as, puede haber almacenado datos inadvertidamente en el historial del portapapeles basado en la nube si est\u00e1 habilitada. Esta vulnerabilidad afecta a Firefox < 133 y Thunderbird < 133."}], "lastModified": "2025-04-05T00:41:30.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F82571FC-4DDE-4C63-BD2B-8CF2FFEA28A8", "versionEndExcluding": "133.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75D1724C-A89A-46A9-988C-09A4019D9956", "versionEndExcluding": "133.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}