CVE-2024-11694
EUVD-2024-3415726.11.2024, 14:15
Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox_esr | 𝑥 < 115.8.0 |
| mozilla | firefox | 𝑥 < 133.0 |
| mozilla | firefox_esr | 116.0 ≤ 𝑥 < 128.5.0 |
| mozilla | thunderbird | 𝑥 < 115.18.0 |
| mozilla | thunderbird | 116.0 ≤ 𝑥 < 128.5.0 |
| mozilla | thunderbird | 129.0 ≤ 𝑥 < 133.0 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||||
| firefox-esr |
| ||||||||||||||||
| thunderbird |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||
| thunderbird |
| ||||||||||||||
| mozjs38 |
| ||||||||||||||
| mozjs52 |
| ||||||||||||||
| mozjs68 |
| ||||||||||||||
| mozjs78 |
| ||||||||||||||
| mozjs91 |
| ||||||||||||||
| mozjs102 |
| ||||||||||||||
| mozjs115 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MozillaFirefox |
| ||||||||||||||||||||||||||||||||||
| MozillaFirefox-devel |
| ||||||||||||||||||||||||||||||||||
| MozillaFirefox-translations-common |
| ||||||||||||||||||||||||||||||||||
| MozillaFirefox-translations-other |
| ||||||||||||||||||||||||||||||||||
| MozillaThunderbird |
| ||||||||||||||||||||||||||||||||||
| MozillaThunderbird-translations-common |
| ||||||||||||||||||||||||||||||||||
| MozillaThunderbird-translations-other |
|
Red Hat Enterprise Linux Releases
References