admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 13:36:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-116xx/CVE-2024-11694.json

84 lines
3.0 KiB
JSON
Raw Normal View History

Auto-Update: 2024-11-26T15:06:00.045011+00:00
2024-11-26 15:09:11 +00:00
{
"id": "CVE-2024-11694",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-11-26T14:15:18.943",
Auto-Update: 2024-12-13T19:00:27.850419+00:00
2024-12-13 19:03:51 +00:00
"lastModified": "2024-12-13T17:15:05.960",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"vulnStatus": "Awaiting Analysis",
Auto-Update: 2024-11-27T19:01:43.480293+00:00
2024-11-27 19:04:55 +00:00
"cveTags": [],
Auto-Update: 2024-11-26T15:06:00.045011+00:00
2024-11-26 15:09:11 +00:00
"descriptions": [
{
"lang": "en",
Auto-Update: 2024-12-13T19:00:27.850419+00:00
2024-12-13 19:03:51 +00:00
"value": "Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18."
Auto-Update: 2024-11-27T19:01:43.480293+00:00
2024-11-27 19:04:55 +00:00
},
{
"lang": "es",
"value": "Es posible que el modo estricto de Enhanced Tracking Protection haya permitido inadvertidamente una omisi\u00f3n de frame-src de CSP y un XSS basado en DOM a trav\u00e9s del complemento SafeFrame de Google en la extensi\u00f3n Web Compatibility. Este problema podr\u00eda haber expuesto a los usuarios a marcos maliciosos que se hacen pasar por contenido leg\u00edtimo. Esta vulnerabilidad afecta a Firefox &lt; 133, Firefox ESR &lt; 128.5, Firefox ESR &lt; 115.18, Thunderbird &lt; 133 y Thunderbird &lt; 128.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
Auto-Update: 2024-11-26T15:06:00.045011+00:00
2024-11-26 15:09:11 +00:00
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-64/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-65/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-68/",
"source": "security@mozilla.org"
Auto-Update: 2024-12-13T15:00:34.276447+00:00
2024-12-13 15:03:57 +00:00
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-70/",
"source": "security@mozilla.org"
Auto-Update: 2024-11-26T15:06:00.045011+00:00
2024-11-26 15:09:11 +00:00
}
]
}
Reference in New Issue Copy Permalink