CVE-2024-11701

The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1914797	Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-63/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-67/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

History

No history.

Information

Published : 2024-11-26 14:15

Updated : 2025-04-05 00:36

NVD link : CVE-2024-11701

Mitre link : CVE-2024-11701

CVE.ORG link : CVE-2024-11701

JSON object : View

Products Affected

mozilla

thunderbird
firefox

CWE

CWE-290

Authentication Bypass by Spoofing

{"id": "CVE-2024-11701", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-11-26T14:15:19.617", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1914797", "tags": ["Issue Tracking"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133."}, {"lang": "es", "value": "Es posible que se haya mostrado un dominio incorrecto en la barra de direcciones durante un intento de navegaci\u00f3n interrumpido. Esto podr\u00eda haber provocado confusi\u00f3n en el usuario y posibles ataques de suplantaci\u00f3n de identidad. Esta vulnerabilidad afecta a Firefox < 133 y Thunderbird < 133."}], "lastModified": "2025-04-05T00:36:49.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F82571FC-4DDE-4C63-BD2B-8CF2FFEA28A8", "versionEndExcluding": "133.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75D1724C-A89A-46A9-988C-09A4019D9956", "versionEndExcluding": "133.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}