5.4
CVE-2024-11696
- EPSS 0.13%
- Published 26.11.2024 14:15:19
- Last modified 02.12.2024 18:15:08
- Source security@mozilla.org
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Data is provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)
Vendor | Product | Default Status | Version | Version < | Status |
---|---|---|---|---|---|
mozilla | firefox | unknown | 0 | 133 | affected |
mozilla | firefox_esr | unknown | 0 | 128.5 | affected |
mozilla | thunderbird | unknown | 0 | 133 | affected |
mozilla | thunderbird | unknown | 0 | 128.5 | affected |
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.13% | 0.329 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.8 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.