Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-7134-1
Vulnerability from osv_ubuntu
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-11692, CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697, CVE-2024-11699, CVE-2024-11701, CVE-2024-11704, CVE-2024-11705, CVE-2024-11706, CVE-2024-11708)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2024-11692",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-11694",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-11695",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-11696",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-11697",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-11699",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-11701",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-11704",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-11705",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-11706",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-11708",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@133.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "133.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1",
"116.0+build2-0ubuntu0.20.04.2",
"116.0.2+build1-0ubuntu0.20.04.1",
"116.0.3+build2-0ubuntu0.20.04.1",
"117.0+build2-0ubuntu0.20.04.1",
"117.0.1+build2-0ubuntu0.20.04.1",
"118.0.1+build1-0ubuntu0.20.04.1",
"118.0.2+build2-0ubuntu0.20.04.1",
"119.0+build2-0ubuntu0.20.04.1",
"119.0.1+build1-0ubuntu0.20.04.1",
"120.0+build2-0ubuntu0.20.04.1",
"120.0.1+build1-0ubuntu0.20.04.1",
"121.0+build1-0ubuntu0.20.04.1",
"121.0.1+build1-0ubuntu0.20.04.1",
"122.0+build2-0ubuntu0.20.04.1",
"122.0.1+build1-0ubuntu0.20.04.1",
"123.0+build3-0ubuntu0.20.04.1",
"123.0.1+build1-0ubuntu0.20.04.1",
"124.0+build1-0ubuntu0.20.04.1",
"124.0.1+build1-0ubuntu0.20.04.1",
"124.0.2+build1-0ubuntu0.20.04.1",
"125.0.2+build1-0ubuntu0.20.04.2",
"125.0.3+build1-0ubuntu0.20.04.1",
"126.0+build2-0ubuntu0.20.04.1",
"126.0.1+build1-0ubuntu0.20.04.1",
"127.0.2+build1-0ubuntu0.20.04.1",
"128.0+build2-0ubuntu0.20.04.1",
"129.0.1+build1-0ubuntu0.20.04.1",
"129.0.2+build1-0ubuntu0.20.04.1",
"130.0+build2-0ubuntu0.20.04.1",
"130.0.1+build1-0ubuntu0.20.04.1",
"131.0+build1.1-0ubuntu0.20.04.1",
"131.0.2+build1-0ubuntu0.20.04.1",
"131.0.3+build1-0ubuntu0.20.04.1",
"132.0+build1-0ubuntu0.20.04.1"
]
}
],
"aliases": [],
"details": "Multiple security issues were discovered in Firefox. If a user were\ntricked into opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service, obtain sensitive\ninformation across domains, or execute arbitrary code. (CVE-2024-11692,\nCVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697,\nCVE-2024-11699, CVE-2024-11701, CVE-2024-11704, CVE-2024-11705,\nCVE-2024-11706, CVE-2024-11708)\n",
"id": "USN-7134-1",
"modified": "2026-04-27T14:11:38Z",
"published": "2024-12-03T01:10:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7134-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11692"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11694"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11695"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11696"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11697"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11699"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11701"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11704"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11705"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11706"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11708"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "firefox vulnerabilities",
"upstream": [
"UBUNTU-CVE-2024-11692",
"UBUNTU-CVE-2024-11694",
"UBUNTU-CVE-2024-11695",
"UBUNTU-CVE-2024-11696",
"UBUNTU-CVE-2024-11697",
"UBUNTU-CVE-2024-11699",
"UBUNTU-CVE-2024-11701",
"UBUNTU-CVE-2024-11704",
"UBUNTU-CVE-2024-11705",
"UBUNTU-CVE-2024-11706",
"UBUNTU-CVE-2024-11708"
]
}
ubuntu-cve-2024-11692
Vulnerability from osv_ubuntu
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
| URL | Type | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@133.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "133.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1",
"116.0+build2-0ubuntu0.20.04.2",
"116.0.2+build1-0ubuntu0.20.04.1",
"116.0.3+build2-0ubuntu0.20.04.1",
"117.0+build2-0ubuntu0.20.04.1",
"117.0.1+build2-0ubuntu0.20.04.1",
"118.0.1+build1-0ubuntu0.20.04.1",
"118.0.2+build2-0ubuntu0.20.04.1",
"119.0+build2-0ubuntu0.20.04.1",
"119.0.1+build1-0ubuntu0.20.04.1",
"120.0+build2-0ubuntu0.20.04.1",
"120.0.1+build1-0ubuntu0.20.04.1",
"121.0+build1-0ubuntu0.20.04.1",
"121.0.1+build1-0ubuntu0.20.04.1",
"122.0+build2-0ubuntu0.20.04.1",
"122.0.1+build1-0ubuntu0.20.04.1",
"123.0+build3-0ubuntu0.20.04.1",
"123.0.1+build1-0ubuntu0.20.04.1",
"124.0+build1-0ubuntu0.20.04.1",
"124.0.1+build1-0ubuntu0.20.04.1",
"124.0.2+build1-0ubuntu0.20.04.1",
"125.0.2+build1-0ubuntu0.20.04.2",
"125.0.3+build1-0ubuntu0.20.04.1",
"126.0+build2-0ubuntu0.20.04.1",
"126.0.1+build1-0ubuntu0.20.04.1",
"127.0.2+build1-0ubuntu0.20.04.1",
"128.0+build2-0ubuntu0.20.04.1",
"129.0.1+build1-0ubuntu0.20.04.1",
"129.0.2+build1-0ubuntu0.20.04.1",
"130.0+build2-0ubuntu0.20.04.1",
"130.0.1+build1-0ubuntu0.20.04.1",
"131.0+build1.1-0ubuntu0.20.04.1",
"131.0.2+build1-0ubuntu0.20.04.1",
"131.0.3+build1-0ubuntu0.20.04.1",
"132.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-115-0t64",
"binary_version": "115.10.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs115",
"purl": "pkg:deb/ubuntu/mozjs115@115.10.0-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"115.3.0-0ubuntu1",
"115.4.0-2",
"115.5.0-1",
"115.6.0-1",
"115.7.0-4",
"115.8.0-1",
"115.9.0-1",
"115.9.0-1build1",
"115.10.0-1"
]
}
],
"aliases": [],
"details": "An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox \u003c 133, Firefox ESR \u003c 128.5, Thunderbird \u003c 133, and Thunderbird \u003c 128.5.",
"id": "UBUNTU-CVE-2024-11692",
"modified": "2026-04-22T07:47:57Z",
"published": "2024-11-26T14:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11692"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11692"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11692"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11692"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11692"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909535"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-64/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-68/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7134-1"
}
],
"related": [
"USN-7134-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-11692"
]
}
ubuntu-cve-2024-11694
Vulnerability from osv_ubuntu
Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@133.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "133.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1",
"116.0+build2-0ubuntu0.20.04.2",
"116.0.2+build1-0ubuntu0.20.04.1",
"116.0.3+build2-0ubuntu0.20.04.1",
"117.0+build2-0ubuntu0.20.04.1",
"117.0.1+build2-0ubuntu0.20.04.1",
"118.0.1+build1-0ubuntu0.20.04.1",
"118.0.2+build2-0ubuntu0.20.04.1",
"119.0+build2-0ubuntu0.20.04.1",
"119.0.1+build1-0ubuntu0.20.04.1",
"120.0+build2-0ubuntu0.20.04.1",
"120.0.1+build1-0ubuntu0.20.04.1",
"121.0+build1-0ubuntu0.20.04.1",
"121.0.1+build1-0ubuntu0.20.04.1",
"122.0+build2-0ubuntu0.20.04.1",
"122.0.1+build1-0ubuntu0.20.04.1",
"123.0+build3-0ubuntu0.20.04.1",
"123.0.1+build1-0ubuntu0.20.04.1",
"124.0+build1-0ubuntu0.20.04.1",
"124.0.1+build1-0ubuntu0.20.04.1",
"124.0.2+build1-0ubuntu0.20.04.1",
"125.0.2+build1-0ubuntu0.20.04.2",
"125.0.3+build1-0ubuntu0.20.04.1",
"126.0+build2-0ubuntu0.20.04.1",
"126.0.1+build1-0ubuntu0.20.04.1",
"127.0.2+build1-0ubuntu0.20.04.1",
"128.0+build2-0ubuntu0.20.04.1",
"129.0.1+build1-0ubuntu0.20.04.1",
"129.0.2+build1-0ubuntu0.20.04.1",
"130.0+build2-0ubuntu0.20.04.1",
"130.0.1+build1-0ubuntu0.20.04.1",
"131.0+build1.1-0ubuntu0.20.04.1",
"131.0.2+build1-0ubuntu0.20.04.1",
"131.0.3+build1-0ubuntu0.20.04.1",
"132.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:115.18.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:115.18.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:115.18.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:115.18.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:115.18.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:115.18.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:115.18.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:115.18.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2",
"1:78.13.0+build1-0ubuntu0.20.04.2",
"1:78.14.0+build1-0ubuntu0.20.04.1",
"1:78.14.0+build1-0ubuntu0.20.04.2",
"1:91.5.0+build1-0ubuntu0.20.04.1",
"1:91.7.0+build2-0ubuntu0.20.04.1",
"1:91.8.1+build1-0ubuntu0.20.04.1",
"1:91.9.1+build1-0ubuntu0.20.04.1",
"1:91.11.0+build2-0ubuntu0.20.04.1",
"1:102.2.2+build1-0ubuntu0.20.04.1",
"1:102.4.2+build2-0ubuntu0.20.04.1",
"1:102.7.1+build2-0ubuntu0.20.04.1",
"1:102.8.0+build2-0ubuntu0.20.04.1",
"1:102.9.0+build1-0ubuntu0.20.04.1",
"1:102.10.0+build2-0ubuntu0.20.04.1",
"1:102.11.0+build1-0ubuntu0.20.04.1",
"1:102.13.0+build1-0ubuntu0.20.04.1",
"1:102.15.0+build1-0ubuntu0.20.04.1",
"1:102.15.1+build1-0ubuntu0.20.04.1",
"1:115.3.1+build1-0ubuntu0.20.04.1",
"1:115.4.1+build1-0ubuntu0.20.04.1",
"1:115.5.0+build1-0ubuntu0.20.04.1",
"1:115.6.0+build2-0ubuntu0.20.04.1",
"1:115.8.1+build1-0ubuntu0.20.04.1",
"1:115.9.0+build1-0ubuntu0.20.04.1",
"1:115.10.1+build1-0ubuntu0.20.04.1",
"1:115.11.0+build2-0ubuntu0.20.04.1",
"1:115.12.0+build3-0ubuntu0.20.04.1",
"1:115.13.0+build5-0ubuntu0.20.04.1",
"1:115.15.0+build1-0ubuntu0.20.04.1",
"1:115.16.0+build2-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:115.18.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:115.18.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:115.18.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:115.18.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:115.18.0+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:115.18.0+build1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:115.18.0+build1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:115.18.0+build1-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:91.1.2+build1-0ubuntu1",
"1:91.3.0+build2-0ubuntu1",
"1:91.3.1+build1-0ubuntu1",
"1:91.3.2+build1-0ubuntu1",
"1:91.4.0+build1.1-0ubuntu1",
"1:91.4.0+build2-0ubuntu1",
"1:91.5.0+build1-0ubuntu1",
"1:91.5.1+build1-0ubuntu1",
"1:91.6.1+build1-0ubuntu1",
"1:91.7.0+build1-0ubuntu1",
"1:91.7.0+build2-0ubuntu1",
"1:91.8.0+build2-0ubuntu1",
"1:91.9.1+build1-0ubuntu0.22.04.1",
"1:91.11.0+build2-0ubuntu0.22.04.1",
"1:102.2.2+build1-0ubuntu0.22.04.1",
"1:102.4.2+build2-0ubuntu0.22.04.1",
"1:102.7.1+build2-0ubuntu0.22.04.1",
"1:102.8.0+build2-0ubuntu0.22.04.1",
"1:102.9.0+build1-0ubuntu0.22.04.1",
"1:102.10.0+build2-0ubuntu0.22.04.1",
"1:102.11.0+build1-0ubuntu0.22.04.1",
"1:102.13.0+build1-0ubuntu0.22.04.1",
"1:102.15.0+build1-0ubuntu0.22.04.1",
"1:102.15.1+build1-0ubuntu0.22.04.1",
"1:115.3.1+build1-0ubuntu0.22.04.2",
"1:115.4.1+build1-0ubuntu0.22.04.1",
"1:115.5.0+build1-0ubuntu0.22.04.1",
"1:115.6.0+build2-0ubuntu0.22.04.1",
"1:115.8.1+build1-0ubuntu0.22.04.1",
"1:115.9.0+build1-0ubuntu0.22.04.1",
"1:115.10.1+build1-0ubuntu0.22.04.1",
"1:115.11.0+build2-0ubuntu0.22.04.1",
"1:115.12.0+build3-0ubuntu0.22.04.1",
"1:115.13.0+build5-0ubuntu0.22.04.1",
"1:115.15.0+build1-0ubuntu0.22.04.1",
"1:115.16.0+build2-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-115-0t64",
"binary_version": "115.10.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs115",
"purl": "pkg:deb/ubuntu/mozjs115@115.10.0-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"115.3.0-0ubuntu1",
"115.4.0-2",
"115.5.0-1",
"115.6.0-1",
"115.7.0-4",
"115.8.0-1",
"115.9.0-1",
"115.9.0-1build1",
"115.10.0-1"
]
}
],
"aliases": [],
"details": "Enhanced Tracking Protection\u0027s Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox \u003c 133, Firefox ESR \u003c 128.5, Firefox ESR \u003c 115.18, Thunderbird \u003c 133, Thunderbird \u003c 128.5, and Thunderbird \u003c 115.18.",
"id": "UBUNTU-CVE-2024-11694",
"modified": "2026-04-22T07:47:57Z",
"published": "2024-11-26T14:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11694"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11694"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11694"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11694"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11694"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924167"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-64/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-65/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-68/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7134-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7193-1"
}
],
"related": [
"USN-7134-1",
"USN-7193-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-11694"
]
}
ubuntu-cve-2024-11695
Vulnerability from osv_ubuntu
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
| URL | Type | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@133.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "133.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1",
"116.0+build2-0ubuntu0.20.04.2",
"116.0.2+build1-0ubuntu0.20.04.1",
"116.0.3+build2-0ubuntu0.20.04.1",
"117.0+build2-0ubuntu0.20.04.1",
"117.0.1+build2-0ubuntu0.20.04.1",
"118.0.1+build1-0ubuntu0.20.04.1",
"118.0.2+build2-0ubuntu0.20.04.1",
"119.0+build2-0ubuntu0.20.04.1",
"119.0.1+build1-0ubuntu0.20.04.1",
"120.0+build2-0ubuntu0.20.04.1",
"120.0.1+build1-0ubuntu0.20.04.1",
"121.0+build1-0ubuntu0.20.04.1",
"121.0.1+build1-0ubuntu0.20.04.1",
"122.0+build2-0ubuntu0.20.04.1",
"122.0.1+build1-0ubuntu0.20.04.1",
"123.0+build3-0ubuntu0.20.04.1",
"123.0.1+build1-0ubuntu0.20.04.1",
"124.0+build1-0ubuntu0.20.04.1",
"124.0.1+build1-0ubuntu0.20.04.1",
"124.0.2+build1-0ubuntu0.20.04.1",
"125.0.2+build1-0ubuntu0.20.04.2",
"125.0.3+build1-0ubuntu0.20.04.1",
"126.0+build2-0ubuntu0.20.04.1",
"126.0.1+build1-0ubuntu0.20.04.1",
"127.0.2+build1-0ubuntu0.20.04.1",
"128.0+build2-0ubuntu0.20.04.1",
"129.0.1+build1-0ubuntu0.20.04.1",
"129.0.2+build1-0ubuntu0.20.04.1",
"130.0+build2-0ubuntu0.20.04.1",
"130.0.1+build1-0ubuntu0.20.04.1",
"131.0+build1.1-0ubuntu0.20.04.1",
"131.0.2+build1-0ubuntu0.20.04.1",
"131.0.3+build1-0ubuntu0.20.04.1",
"132.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-115-0t64",
"binary_version": "115.10.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs115",
"purl": "pkg:deb/ubuntu/mozjs115@115.10.0-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"115.3.0-0ubuntu1",
"115.4.0-2",
"115.5.0-1",
"115.6.0-1",
"115.7.0-4",
"115.8.0-1",
"115.9.0-1",
"115.9.0-1build1",
"115.10.0-1"
]
}
],
"aliases": [],
"details": "A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox \u003c 133, Firefox ESR \u003c 128.5, Thunderbird \u003c 133, and Thunderbird \u003c 128.5.",
"id": "UBUNTU-CVE-2024-11695",
"modified": "2026-04-22T07:47:57Z",
"published": "2024-11-26T14:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11695"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11695"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11695"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11695"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11695"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925496"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-64/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-68/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7134-1"
}
],
"related": [
"USN-7134-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-11695"
]
}
ubuntu-cve-2024-11696
Vulnerability from osv_ubuntu
The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
| URL | Type | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@133.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "133.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1",
"116.0+build2-0ubuntu0.20.04.2",
"116.0.2+build1-0ubuntu0.20.04.1",
"116.0.3+build2-0ubuntu0.20.04.1",
"117.0+build2-0ubuntu0.20.04.1",
"117.0.1+build2-0ubuntu0.20.04.1",
"118.0.1+build1-0ubuntu0.20.04.1",
"118.0.2+build2-0ubuntu0.20.04.1",
"119.0+build2-0ubuntu0.20.04.1",
"119.0.1+build1-0ubuntu0.20.04.1",
"120.0+build2-0ubuntu0.20.04.1",
"120.0.1+build1-0ubuntu0.20.04.1",
"121.0+build1-0ubuntu0.20.04.1",
"121.0.1+build1-0ubuntu0.20.04.1",
"122.0+build2-0ubuntu0.20.04.1",
"122.0.1+build1-0ubuntu0.20.04.1",
"123.0+build3-0ubuntu0.20.04.1",
"123.0.1+build1-0ubuntu0.20.04.1",
"124.0+build1-0ubuntu0.20.04.1",
"124.0.1+build1-0ubuntu0.20.04.1",
"124.0.2+build1-0ubuntu0.20.04.1",
"125.0.2+build1-0ubuntu0.20.04.2",
"125.0.3+build1-0ubuntu0.20.04.1",
"126.0+build2-0ubuntu0.20.04.1",
"126.0.1+build1-0ubuntu0.20.04.1",
"127.0.2+build1-0ubuntu0.20.04.1",
"128.0+build2-0ubuntu0.20.04.1",
"129.0.1+build1-0ubuntu0.20.04.1",
"129.0.2+build1-0ubuntu0.20.04.1",
"130.0+build2-0ubuntu0.20.04.1",
"130.0.1+build1-0ubuntu0.20.04.1",
"131.0+build1.1-0ubuntu0.20.04.1",
"131.0.2+build1-0ubuntu0.20.04.1",
"131.0.3+build1-0ubuntu0.20.04.1",
"132.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-115-0t64",
"binary_version": "115.10.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs115",
"purl": "pkg:deb/ubuntu/mozjs115@115.10.0-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"115.3.0-0ubuntu1",
"115.4.0-2",
"115.5.0-1",
"115.6.0-1",
"115.7.0-4",
"115.8.0-1",
"115.9.0-1",
"115.9.0-1build1",
"115.10.0-1"
]
}
],
"aliases": [],
"details": "The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user\u0027s computer have not tampered with the user\u0027s extensions, limiting the impact of this issue. This vulnerability affects Firefox \u003c 133, Firefox ESR \u003c 128.5, Thunderbird \u003c 133, and Thunderbird \u003c 128.5.",
"id": "UBUNTU-CVE-2024-11696",
"modified": "2026-04-22T07:47:57Z",
"published": "2024-11-26T14:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11696"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11696"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11696"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11696"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11696"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-64/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-68/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7134-1"
}
],
"related": [
"USN-7134-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-11696"
]
}
ubuntu-cve-2024-11697
Vulnerability from osv_ubuntu
When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
| URL | Type | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@133.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "133.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1",
"116.0+build2-0ubuntu0.20.04.2",
"116.0.2+build1-0ubuntu0.20.04.1",
"116.0.3+build2-0ubuntu0.20.04.1",
"117.0+build2-0ubuntu0.20.04.1",
"117.0.1+build2-0ubuntu0.20.04.1",
"118.0.1+build1-0ubuntu0.20.04.1",
"118.0.2+build2-0ubuntu0.20.04.1",
"119.0+build2-0ubuntu0.20.04.1",
"119.0.1+build1-0ubuntu0.20.04.1",
"120.0+build2-0ubuntu0.20.04.1",
"120.0.1+build1-0ubuntu0.20.04.1",
"121.0+build1-0ubuntu0.20.04.1",
"121.0.1+build1-0ubuntu0.20.04.1",
"122.0+build2-0ubuntu0.20.04.1",
"122.0.1+build1-0ubuntu0.20.04.1",
"123.0+build3-0ubuntu0.20.04.1",
"123.0.1+build1-0ubuntu0.20.04.1",
"124.0+build1-0ubuntu0.20.04.1",
"124.0.1+build1-0ubuntu0.20.04.1",
"124.0.2+build1-0ubuntu0.20.04.1",
"125.0.2+build1-0ubuntu0.20.04.2",
"125.0.3+build1-0ubuntu0.20.04.1",
"126.0+build2-0ubuntu0.20.04.1",
"126.0.1+build1-0ubuntu0.20.04.1",
"127.0.2+build1-0ubuntu0.20.04.1",
"128.0+build2-0ubuntu0.20.04.1",
"129.0.1+build1-0ubuntu0.20.04.1",
"129.0.2+build1-0ubuntu0.20.04.1",
"130.0+build2-0ubuntu0.20.04.1",
"130.0.1+build1-0ubuntu0.20.04.1",
"131.0+build1.1-0ubuntu0.20.04.1",
"131.0.2+build1-0ubuntu0.20.04.1",
"131.0.3+build1-0ubuntu0.20.04.1",
"132.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-115-0t64",
"binary_version": "115.10.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs115",
"purl": "pkg:deb/ubuntu/mozjs115@115.10.0-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"115.3.0-0ubuntu1",
"115.4.0-2",
"115.5.0-1",
"115.6.0-1",
"115.7.0-4",
"115.8.0-1",
"115.9.0-1",
"115.9.0-1build1",
"115.10.0-1"
]
}
],
"aliases": [],
"details": "When handling keypress events, an attacker may have been able to trick a user into bypassing the \"Open Executable File?\" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox \u003c 133, Firefox ESR \u003c 128.5, Thunderbird \u003c 133, and Thunderbird \u003c 128.5.",
"id": "UBUNTU-CVE-2024-11697",
"modified": "2026-04-22T07:47:57Z",
"published": "2024-11-26T14:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11697"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11697"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11697"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11697"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11697"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-64/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-68/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7134-1"
}
],
"related": [
"USN-7134-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-11697"
]
}
ubuntu-cve-2024-11699
Vulnerability from osv_ubuntu
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
| URL | Type | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@133.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "133.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1",
"116.0+build2-0ubuntu0.20.04.2",
"116.0.2+build1-0ubuntu0.20.04.1",
"116.0.3+build2-0ubuntu0.20.04.1",
"117.0+build2-0ubuntu0.20.04.1",
"117.0.1+build2-0ubuntu0.20.04.1",
"118.0.1+build1-0ubuntu0.20.04.1",
"118.0.2+build2-0ubuntu0.20.04.1",
"119.0+build2-0ubuntu0.20.04.1",
"119.0.1+build1-0ubuntu0.20.04.1",
"120.0+build2-0ubuntu0.20.04.1",
"120.0.1+build1-0ubuntu0.20.04.1",
"121.0+build1-0ubuntu0.20.04.1",
"121.0.1+build1-0ubuntu0.20.04.1",
"122.0+build2-0ubuntu0.20.04.1",
"122.0.1+build1-0ubuntu0.20.04.1",
"123.0+build3-0ubuntu0.20.04.1",
"123.0.1+build1-0ubuntu0.20.04.1",
"124.0+build1-0ubuntu0.20.04.1",
"124.0.1+build1-0ubuntu0.20.04.1",
"124.0.2+build1-0ubuntu0.20.04.1",
"125.0.2+build1-0ubuntu0.20.04.2",
"125.0.3+build1-0ubuntu0.20.04.1",
"126.0+build2-0ubuntu0.20.04.1",
"126.0.1+build1-0ubuntu0.20.04.1",
"127.0.2+build1-0ubuntu0.20.04.1",
"128.0+build2-0ubuntu0.20.04.1",
"129.0.1+build1-0ubuntu0.20.04.1",
"129.0.2+build1-0ubuntu0.20.04.1",
"130.0+build2-0ubuntu0.20.04.1",
"130.0.1+build1-0ubuntu0.20.04.1",
"131.0+build1.1-0ubuntu0.20.04.1",
"131.0.2+build1-0ubuntu0.20.04.1",
"131.0.3+build1-0ubuntu0.20.04.1",
"132.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-115-0t64",
"binary_version": "115.10.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs115",
"purl": "pkg:deb/ubuntu/mozjs115@115.10.0-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"115.3.0-0ubuntu1",
"115.4.0-2",
"115.5.0-1",
"115.6.0-1",
"115.7.0-4",
"115.8.0-1",
"115.9.0-1",
"115.9.0-1build1",
"115.10.0-1"
]
}
],
"aliases": [],
"details": "Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 133, Firefox ESR \u003c 128.5, Thunderbird \u003c 133, and Thunderbird \u003c 128.5.",
"id": "UBUNTU-CVE-2024-11699",
"modified": "2026-04-22T07:47:57Z",
"published": "2024-11-26T14:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11699"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11699"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11699"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11699"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11699"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-64/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-68/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7134-1"
}
],
"related": [
"USN-7134-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-11699"
]
}
ubuntu-cve-2024-11701
Vulnerability from osv_ubuntu
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@133.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "133.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1",
"116.0+build2-0ubuntu0.20.04.2",
"116.0.2+build1-0ubuntu0.20.04.1",
"116.0.3+build2-0ubuntu0.20.04.1",
"117.0+build2-0ubuntu0.20.04.1",
"117.0.1+build2-0ubuntu0.20.04.1",
"118.0.1+build1-0ubuntu0.20.04.1",
"118.0.2+build2-0ubuntu0.20.04.1",
"119.0+build2-0ubuntu0.20.04.1",
"119.0.1+build1-0ubuntu0.20.04.1",
"120.0+build2-0ubuntu0.20.04.1",
"120.0.1+build1-0ubuntu0.20.04.1",
"121.0+build1-0ubuntu0.20.04.1",
"121.0.1+build1-0ubuntu0.20.04.1",
"122.0+build2-0ubuntu0.20.04.1",
"122.0.1+build1-0ubuntu0.20.04.1",
"123.0+build3-0ubuntu0.20.04.1",
"123.0.1+build1-0ubuntu0.20.04.1",
"124.0+build1-0ubuntu0.20.04.1",
"124.0.1+build1-0ubuntu0.20.04.1",
"124.0.2+build1-0ubuntu0.20.04.1",
"125.0.2+build1-0ubuntu0.20.04.2",
"125.0.3+build1-0ubuntu0.20.04.1",
"126.0+build2-0ubuntu0.20.04.1",
"126.0.1+build1-0ubuntu0.20.04.1",
"127.0.2+build1-0ubuntu0.20.04.1",
"128.0+build2-0ubuntu0.20.04.1",
"129.0.1+build1-0ubuntu0.20.04.1",
"129.0.2+build1-0ubuntu0.20.04.1",
"130.0+build2-0ubuntu0.20.04.1",
"130.0.1+build1-0ubuntu0.20.04.1",
"131.0+build1.1-0ubuntu0.20.04.1",
"131.0.2+build1-0ubuntu0.20.04.1",
"131.0.3+build1-0ubuntu0.20.04.1",
"132.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-115-0t64",
"binary_version": "115.10.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs115",
"purl": "pkg:deb/ubuntu/mozjs115@115.10.0-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"115.3.0-0ubuntu1",
"115.4.0-2",
"115.5.0-1",
"115.6.0-1",
"115.7.0-4",
"115.8.0-1",
"115.9.0-1",
"115.9.0-1build1",
"115.10.0-1"
]
}
],
"aliases": [],
"details": "The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox \u003c 133 and Thunderbird \u003c 133.",
"id": "UBUNTU-CVE-2024-11701",
"modified": "2026-04-22T07:47:57Z",
"published": "2024-11-26T14:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11701"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11701"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11701"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1914797"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7134-1"
}
],
"related": [
"USN-7134-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-11701"
]
}
ubuntu-cve-2024-11704
Vulnerability from osv_ubuntu
A double-free issue could have occurred in sec_pkcs7_decoder_start_decrypt() when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@133.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "133.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1",
"116.0+build2-0ubuntu0.20.04.2",
"116.0.2+build1-0ubuntu0.20.04.1",
"116.0.3+build2-0ubuntu0.20.04.1",
"117.0+build2-0ubuntu0.20.04.1",
"117.0.1+build2-0ubuntu0.20.04.1",
"118.0.1+build1-0ubuntu0.20.04.1",
"118.0.2+build2-0ubuntu0.20.04.1",
"119.0+build2-0ubuntu0.20.04.1",
"119.0.1+build1-0ubuntu0.20.04.1",
"120.0+build2-0ubuntu0.20.04.1",
"120.0.1+build1-0ubuntu0.20.04.1",
"121.0+build1-0ubuntu0.20.04.1",
"121.0.1+build1-0ubuntu0.20.04.1",
"122.0+build2-0ubuntu0.20.04.1",
"122.0.1+build1-0ubuntu0.20.04.1",
"123.0+build3-0ubuntu0.20.04.1",
"123.0.1+build1-0ubuntu0.20.04.1",
"124.0+build1-0ubuntu0.20.04.1",
"124.0.1+build1-0ubuntu0.20.04.1",
"124.0.2+build1-0ubuntu0.20.04.1",
"125.0.2+build1-0ubuntu0.20.04.2",
"125.0.3+build1-0ubuntu0.20.04.1",
"126.0+build2-0ubuntu0.20.04.1",
"126.0.1+build1-0ubuntu0.20.04.1",
"127.0.2+build1-0ubuntu0.20.04.1",
"128.0+build2-0ubuntu0.20.04.1",
"129.0.1+build1-0ubuntu0.20.04.1",
"129.0.2+build1-0ubuntu0.20.04.1",
"130.0+build2-0ubuntu0.20.04.1",
"130.0.1+build1-0ubuntu0.20.04.1",
"131.0+build1.1-0ubuntu0.20.04.1",
"131.0.2+build1-0ubuntu0.20.04.1",
"131.0.3+build1-0ubuntu0.20.04.1",
"132.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-115-0t64",
"binary_version": "115.10.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs115",
"purl": "pkg:deb/ubuntu/mozjs115@115.10.0-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"115.3.0-0ubuntu1",
"115.4.0-2",
"115.5.0-1",
"115.6.0-1",
"115.7.0-4",
"115.8.0-1",
"115.9.0-1",
"115.9.0-1build1",
"115.10.0-1"
]
}
],
"aliases": [],
"details": "A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox \u003c 133, Thunderbird \u003c 133, Firefox ESR \u003c 128.7, and Thunderbird \u003c 128.7.",
"id": "UBUNTU-CVE-2024-11704",
"modified": "2026-04-22T07:47:57Z",
"published": "2024-11-26T14:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11704"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11704"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11704"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1899402"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7134-1"
}
],
"related": [
"USN-7134-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-11704"
]
}
ubuntu-cve-2024-11705
Vulnerability from osv_ubuntu
NSC_DeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows phKey to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@133.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "133.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1",
"116.0+build2-0ubuntu0.20.04.2",
"116.0.2+build1-0ubuntu0.20.04.1",
"116.0.3+build2-0ubuntu0.20.04.1",
"117.0+build2-0ubuntu0.20.04.1",
"117.0.1+build2-0ubuntu0.20.04.1",
"118.0.1+build1-0ubuntu0.20.04.1",
"118.0.2+build2-0ubuntu0.20.04.1",
"119.0+build2-0ubuntu0.20.04.1",
"119.0.1+build1-0ubuntu0.20.04.1",
"120.0+build2-0ubuntu0.20.04.1",
"120.0.1+build1-0ubuntu0.20.04.1",
"121.0+build1-0ubuntu0.20.04.1",
"121.0.1+build1-0ubuntu0.20.04.1",
"122.0+build2-0ubuntu0.20.04.1",
"122.0.1+build1-0ubuntu0.20.04.1",
"123.0+build3-0ubuntu0.20.04.1",
"123.0.1+build1-0ubuntu0.20.04.1",
"124.0+build1-0ubuntu0.20.04.1",
"124.0.1+build1-0ubuntu0.20.04.1",
"124.0.2+build1-0ubuntu0.20.04.1",
"125.0.2+build1-0ubuntu0.20.04.2",
"125.0.3+build1-0ubuntu0.20.04.1",
"126.0+build2-0ubuntu0.20.04.1",
"126.0.1+build1-0ubuntu0.20.04.1",
"127.0.2+build1-0ubuntu0.20.04.1",
"128.0+build2-0ubuntu0.20.04.1",
"129.0.1+build1-0ubuntu0.20.04.1",
"129.0.2+build1-0ubuntu0.20.04.1",
"130.0+build2-0ubuntu0.20.04.1",
"130.0.1+build1-0ubuntu0.20.04.1",
"131.0+build1.1-0ubuntu0.20.04.1",
"131.0.2+build1-0ubuntu0.20.04.1",
"131.0.3+build1-0ubuntu0.20.04.1",
"132.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-115-0t64",
"binary_version": "115.10.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs115",
"purl": "pkg:deb/ubuntu/mozjs115@115.10.0-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"115.3.0-0ubuntu1",
"115.4.0-2",
"115.5.0-1",
"115.6.0-1",
"115.7.0-4",
"115.8.0-1",
"115.9.0-1",
"115.9.0-1build1",
"115.10.0-1"
]
}
],
"aliases": [],
"details": "`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox \u003c 133 and Thunderbird \u003c 133.",
"id": "UBUNTU-CVE-2024-11705",
"modified": "2026-04-22T07:47:57Z",
"published": "2024-11-26T14:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11705"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11705"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11705"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1921768"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7134-1"
}
],
"related": [
"USN-7134-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-11705"
]
}
ubuntu-cve-2024-11706
Vulnerability from osv_ubuntu
A null pointer dereference may have inadvertently occurred in pk12util, and specifically in the SEC_ASN1DecodeItem_Util function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "133.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@133.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "133.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1",
"116.0+build2-0ubuntu0.20.04.2",
"116.0.2+build1-0ubuntu0.20.04.1",
"116.0.3+build2-0ubuntu0.20.04.1",
"117.0+build2-0ubuntu0.20.04.1",
"117.0.1+build2-0ubuntu0.20.04.1",
"118.0.1+build1-0ubuntu0.20.04.1",
"118.0.2+build2-0ubuntu0.20.04.1",
"119.0+build2-0ubuntu0.20.04.1",
"119.0.1+build1-0ubuntu0.20.04.1",
"120.0+build2-0ubuntu0.20.04.1",
"120.0.1+build1-0ubuntu0.20.04.1",
"121.0+build1-0ubuntu0.20.04.1",
"121.0.1+build1-0ubuntu0.20.04.1",
"122.0+build2-0ubuntu0.20.04.1",
"122.0.1+build1-0ubuntu0.20.04.1",
"123.0+build3-0ubuntu0.20.04.1",
"123.0.1+build1-0ubuntu0.20.04.1",
"124.0+build1-0ubuntu0.20.04.1",
"124.0.1+build1-0ubuntu0.20.04.1",
"124.0.2+build1-0ubuntu0.20.04.1",
"125.0.2+build1-0ubuntu0.20.04.2",
"125.0.3+build1-0ubuntu0.20.04.1",
"126.0+build2-0ubuntu0.20.04.1",
"126.0.1+build1-0ubuntu0.20.04.1",
"127.0.2+build1-0ubuntu0.20.04.1",
"128.0+build2-0ubuntu0.20.04.1",
"129.0.1+build1-0ubuntu0.20.04.1",
"129.0.2+build1-0ubuntu0.20.04.1",
"130.0+build2-0ubuntu0.20.04.1",
"130.0.1+build1-0ubuntu0.20.04.1",
"131.0+build1.1-0ubuntu0.20.04.1",
"131.0.2+build1-0ubuntu0.20.04.1",
"131.0.3+build1-0ubuntu0.20.04.1",
"132.0+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0",
"binary_version": "102.15.1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.11.0-0ubuntu0.22.04.1",
"102.12.0-0ubuntu0.22.04.1",
"102.13.0-0ubuntu0.22.04.1",
"102.15.1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-91-0",
"binary_version": "91.10.0-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs91",
"purl": "pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"91.5.1-0ubuntu1",
"91.6.0-1",
"91.6.0-2",
"91.7.0-2",
"91.10.0-0ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-102-0t64",
"binary_version": "102.15.1-3ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs102",
"purl": "pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"102.15.1-1",
"102.15.1-3ubuntu2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-115-0t64",
"binary_version": "115.10.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "mozjs115",
"purl": "pkg:deb/ubuntu/mozjs115@115.10.0-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"115.3.0-0ubuntu1",
"115.4.0-2",
"115.5.0-1",
"115.6.0-1",
"115.7.0-4",
"115.8.0-1",
"115.9.0-1",
"115.9.0-1build1",
"115.10.0-1"
]
}
],
"aliases": [],
"details": "A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox \u003c 133 and Thunderbird \u003c 133.",
"id": "UBUNTU-CVE-2024-11706",
"modified": "2026-04-22T07:47:57Z",
"published": "2024-11-26T14:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-11706"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11706"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11706"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1923767"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7134-1"
}
],
"related": [
"USN-7134-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-11706"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.