First published: Tue Nov 26 2024(Updated: )
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Thunderbird | <133 | 133 |
Firefox | <133 | 133 |
Firefox | <133.0 | |
Thunderbird | <133.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2024-11700 has been classified with a severity level that indicates serious potential risks to user intent confirmation.
To fix CVE-2024-11700, users should update their Mozilla Firefox or Thunderbird to the latest version beyond 133.
CVE-2024-11700 affects Mozilla Firefox and Thunderbird versions prior to 133.
The impact of CVE-2024-11700 allows malicious websites to potentially exploit users into unknowingly launching external applications.
CVE-2024-11700 requires user interaction but can manipulate user intent through tapjacking techniques.