CVE-2024-11700
HIGHFirefox < 133 and Thunderbird < 133 - Tapjacking via UI Layer Manipulation
Title source: llmDescription
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.
References (3)
Core 3
Core References
Issue Tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=1836921
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-63/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-67/
Scores
CVSS v3
8.1
EPSS
0.0048
EPSS Percentile
37.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-1021
Status
published
Products (2)
mozilla/firefox
< 133.0
mozilla/thunderbird
< 133.0
Published
Nov 26, 2024
Tracked Since
Feb 18, 2026