CVE-2024-11700: Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving...

8.1 CVSS

Description

Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.

Classification

CVE ID: CVE-2024-11700

CVSS Base Severity: HIGH

CVSS Base Score: 8.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products

Vendor: Mozilla

Product: Firefox

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.81% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1836921
https://www.mozilla.org/security/advisories/mfsa2024-63/
https://www.mozilla.org/security/advisories/mfsa2024-67/

Timeline

2024-11-27 14:52:03 UTC
CVE
2024-12-03 00:11:39 UTC
CVE

Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving...