Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-11694

Опубликовано: 26 нояб. 2024
Источник: nvd
CVSS3: 6.1
EPSS Низкий

Описание

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Версия до 115.8.0 (исключая)
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
Версия до 133.0 (исключая)
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Версия от 116.0 (включая) до 128.5.0 (исключая)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Версия до 115.18.0 (исключая)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Версия от 116.0 (включая) до 128.5.0 (исключая)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Версия от 129.0 (включая) до 133.0 (исключая)

EPSS

Процентиль: 62%
0.00429
Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2024-11694

CVSS3: 6.1
ubuntu
12 месяцев назад

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

redhat логотип

CVE-2024-11694

CVSS3: 6.1
redhat
12 месяцев назад

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

debian логотип

CVE-2024-11694

CVSS3: 6.1
debian
12 месяцев назад

Enhanced Tracking Protection's Strict mode may have inadvertently allo ...

github логотип

GHSA-mjcw-r3mg-3848

CVSS3: 6.1
github
12 месяцев назад

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.

fstec логотип

BDU:2024-10431

CVSS3: 4.3
fstec
12 месяцев назад

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить DOM Based XSS-атаку

EPSS

Процентиль: 62%
0.00429
Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79