
THREATINT
PUBLISHED

CVE-2024-11696



Description

The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Reserved 2024-11-25 | Published 2024-11-26 | Updated 2024-12-02 | Assigner mozilla

Problem types

Unhandled Exception in Add-on Signature Verification

Product status

Any version before 133: affected

Any version before 128.5: affected

Any version before 133: affected

Any version before 128.5: affected

Credits

Rob Wu

References

bugzilla.mozilla.org/show_bug.cgi?id=1929600

www.mozilla.org/security/advisories/mfsa2024-63/

www.mozilla.org/security/advisories/mfsa2024-64/

www.mozilla.org/security/advisories/mfsa2024-67/

www.mozilla.org/security/advisories/mfsa2024-68/

cve.org (CVE-2024-11696)

nvd.nist.gov (CVE-2024-11696)
