The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
History

Wed, 27 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla firefox Esr
Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla firefox
Mozilla firefox Esr
Mozilla thunderbird
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 27 Nov 2024 01:30:00 +0000

Type Values Removed Values Added
Title firefox: thunderbird: Download Protections were bypassed by .library-ms files on Windows
Weaknesses CWE-356
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

threat_severity

Moderate


Tue, 26 Nov 2024 13:45:00 +0000

Type Values Removed Values Added
Description The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2024-11-26T13:33:57.608Z

Updated: 2024-11-27T15:36:35.662Z

Reserved: 2024-11-25T16:29:27.970Z

Link: CVE-2024-11693

cve-icon Vulnrichment

Updated: 2024-11-27T15:36:24.077Z

cve-icon NVD

Status : Received

Published: 2024-11-26T14:15:18.847

Modified: 2024-11-27T16:15:12.753

Link: CVE-2024-11693

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-11-26T13:33:57Z

Links: CVE-2024-11693 - Bugzilla