{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-11700","assignerOrgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","state":"PUBLISHED","assignerShortName":"mozilla","dateReserved":"2024-11-25T16:29:39.690Z","datePublished":"2024-11-26T13:33:56.353Z","dateUpdated":"2025-01-06T17:46:01.565Z"},"containers":{"cna":{"affected":[{"product":"Firefox","vendor":"Mozilla","versions":[{"lessThan":"133","status":"affected","version":"unspecified","versionType":"custom"}]},{"product":"Thunderbird","vendor":"Mozilla","versions":[{"lessThan":"133","status":"affected","version":"unspecified","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.","supportingMedia":[{"type":"text/html","base64":false,"value":"Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133."}]}],"problemTypes":[{"descriptions":[{"description":"Potential Tapjacking Exploit for Intent Confirmation on Android","lang":"en","type":"text"}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1836921"},{"url":"https://www.mozilla.org/security/advisories/mfsa2024-63/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2024-67/"}],"credits":[{"lang":"en","value":"Shaheen Fazim"}],"providerMetadata":{"orgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","shortName":"mozilla","dateUpdated":"2024-12-02T14:09:11.818Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-1021","lang":"en","description":"CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}],"affected":[{"vendor":"mozilla","product":"firefox","cpes":["cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"133","versionType":"custom"}]},{"vendor":"mozilla","product":"thunderbird","cpes":["cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"133","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.1,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-11-27T15:50:18.846396Z","id":"CVE-2024-11700","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-06T17:46:01.565Z"}}]}}