Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.
History

Mon, 02 Dec 2024 14:30:00 +0000

Type Values Removed Values Added
Description Malicious websites may have been able to user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133. Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.

Wed, 27 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla thunderbird
Weaknesses CWE-1021
CPEs cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}


Wed, 27 Nov 2024 13:30:00 +0000

Type Values Removed Values Added
Title firefox: thunderbird: Potential Tapjacking Exploit for Intent Confirmation on Android
Weaknesses CWE-356
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

threat_severity

Moderate


Tue, 26 Nov 2024 13:45:00 +0000

Type Values Removed Values Added
Description Malicious websites may have been able to user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2024-11-26T13:33:56.353Z

Updated: 2024-12-02T14:09:11.818Z

Reserved: 2024-11-25T16:29:39.690Z

Link: CVE-2024-11700

cve-icon Vulnrichment

Updated: 2024-11-27T15:53:55.303Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-26T14:15:19.523

Modified: 2024-12-02T15:15:10.557

Link: CVE-2024-11700

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-11-26T13:33:56Z

Links: CVE-2024-11700 - Bugzilla