{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11700", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2024-11-25T16:29:39.690Z", "datePublished": "2024-11-26T13:33:56.353Z", "dateUpdated": "2024-11-26T13:33:56.353Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "133", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "133", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Malicious websites may have been able to user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Malicious websites may have been able to user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133."}]}], "problemTypes": [{"descriptions": [{"description": "Potential Tapjacking Exploit for Intent Confirmation on Android", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1836921"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"}], "credits": [{"lang": "en", "value": "Shaheen Fazim"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-11-26T13:33:56.353Z"}}}}

{}

{"descriptions": [{"lang": "en", "value": "Malicious websites may have been able to user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133."}], "id": "CVE-2024-11700", "lastModified": "2024-11-26T14:15:19.523", "metrics": {}, "published": "2024-11-26T14:15:19.523", "references": [{"source": "security@mozilla.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1836921"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Received"}

{}