CVE-2024-11702

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1918884	Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2024-63/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-67/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

History

No history.

Information

Published : 2024-11-26 14:15

Updated : 2025-04-05 00:41

NVD link : CVE-2024-11702

Mitre link : CVE-2024-11702

CVE.ORG link : CVE-2024-11702

JSON object : View

Products Affected

mozilla

thunderbird
firefox

CWE

CWE-838

Inappropriate Encoding for Output Context

{"id": "CVE-2024-11702", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-26T14:15:19.710", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1918884", "tags": ["Issue Tracking", "Permissions Required"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-838"}]}], "descriptions": [{"lang": "en", "value": "Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133."}, {"lang": "es", "value": "La copia de informaci\u00f3n confidencial de las pesta\u00f1as de Navegaci\u00f3n privada en Android, como las contrase\u00f1as, puede haber almacenado datos inadvertidamente en el historial del portapapeles basado en la nube si est\u00e1 habilitada. Esta vulnerabilidad afecta a Firefox < 133 y Thunderbird < 133."}], "lastModified": "2025-04-05T00:41:30.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F82571FC-4DDE-4C63-BD2B-8CF2FFEA28A8", "versionEndExcluding": "133.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75D1724C-A89A-46A9-988C-09A4019D9956", "versionEndExcluding": "133.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}