Main Vulnerability Database Vulnerabilities #VU100954

#VU100954 Insufficient UI Warning of Dangerous Operations in Mozilla Firefox and Firefox ESR - CVE-2024-11693

Published: November 26, 2024

Vulnerability identifier: #VU100954

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-11693

CWE-ID: CWE-357

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox
Firefox ESR

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a file warning is not displayed when downloading .library-ms files. A remote attacker can trick the victim into downloading and execution malicious files on the system.

Note, the vulnerability affects only installations on Windows operating system.

Remediation

Install updates from vendor's website.

External links

https://bugzilla.mozilla.org/show_bug.cgi?id=1921458
https://www.mozilla.org/security/advisories/mfsa2024-63/
https://www.mozilla.org/security/advisories/mfsa2024-64/

#VU100954 Insufficient UI Warning of Dangerous Operations in Mozilla Firefox and Firefox ESR - CVE-2024-11693

Description

Remediation

External links

Please verify you're human