We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Reserved 2024-11-25 | Published 2024-11-26 | Updated 2024-12-02 | Assigner mozillaUnhandled Exception in Add-on Signature Verification
Rob Wu
bugzilla.mozilla.org/show_bug.cgi?id=1929600
www.mozilla.org/security/advisories/mfsa2024-63/
www.mozilla.org/security/advisories/mfsa2024-64/
www.mozilla.org/security/advisories/mfsa2024-67/
www.mozilla.org/security/advisories/mfsa2024-68/
Support options