The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
History

Thu, 28 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
Metrics threat_severity

Moderate

threat_severity

Low


Wed, 27 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla thunderbird
Weaknesses CWE-290
CPEs cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Wed, 27 Nov 2024 13:30:00 +0000

Type Values Removed Values Added
Title firefox: thunderbird: Misleading Address Bar State During Navigation Interruption
Weaknesses CWE-451
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

threat_severity

Moderate


Tue, 26 Nov 2024 13:45:00 +0000

Type Values Removed Values Added
Description The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2024-11-26T13:33:56.951Z

Updated: 2024-11-27T15:44:38.510Z

Reserved: 2024-11-25T16:29:40.915Z

Link: CVE-2024-11701

cve-icon Vulnrichment

Updated: 2024-11-27T15:44:22.436Z

cve-icon NVD

Status : Received

Published: 2024-11-26T14:15:19.617

Modified: 2024-11-27T16:15:13.470

Link: CVE-2024-11701

cve-icon Redhat

Severity : Low

Publid Date: 2024-11-26T13:33:56Z

Links: CVE-2024-11701 - Bugzilla