CVE-2024-11693

9.8 CRITICAL

📋 TL;DR

Firefox and Thunderbird on Windows did not show the executable file warning when a user downloaded a .library-ms file, so such files could be saved and opened as if they were ordinary documents. A .library-ms file is a Windows Explorer library definition that can point at a remote location, which makes it a convenient phishing lure. Fixed in Firefox 133, Firefox ESR 128.5, Thunderbird 133 and Thunderbird ESR 128.5; only Windows builds are affected.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
  • Thunderbird ESR
Versions: Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, Thunderbird ESR < 128.5
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows builds; other operating systems are unaffected. A .library-ms file is an XML Windows Library Description, the format behind Explorer's Documents and Pictures libraries. It contains no executable code itself, but its <url> entries can name remote UNC or WebDAV locations that Explorer resolves when the library is opened, so an attacker-controlled library can present a remote folder of malicious files to the user as if it were a local one.
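Because the risk lives in where the library points rather than in the file itself, the first thing to do with a downloaded .library-ms is to list its locations. The following Python script is an added example, not code from Mozilla, Microsoft or this page; the sample file embedded in it is constructed, the host files.example.invalid is made up, and the element names (libraryDescription, searchConnectorDescription, simpleLocation, url) follow the Windows Library Description schema:

```python
from __future__ import annotations
import sys
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed lure: a "Documents"-looking library whose first location is an
# attacker-controlled WebDAV share (made-up host).  "@SSL" in a UNC host means
# WebDAV over HTTPS; DavWWWRoot is the WebClient service's root alias.
SAMPLE_LIBRARY_MS = r"""<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <name>@shell32.dll,-34575</name>
  <version>6</version>
  <isLibraryPinned>true</isLibraryPinned>
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <isDefaultSaveLocation>true</isDefaultSaveLocation>
      <simpleLocation>
        <url>\\files.example.invalid@SSL\DavWWWRoot\Invoices</url>
      </simpleLocation>
    </searchConnectorDescription>
    <searchConnectorDescription>
      <simpleLocation>
        <url>C:\Users\Public\Documents</url>
      </simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>
"""


def classify_location(loc: str) -> str:
    """'unc' for \\\\host\\share paths (SMB, or WebDAV via the WebClient
    service), 'url' for http(s)/ftp, 'local' for drive letters and shell: ids."""
    s = loc.strip()
    if s.startswith("\\\\") or s.startswith("//"):
        return "unc"
    if urlparse(s).scheme.lower() in ("http", "https", "ftp"):
        return "url"
    return "local"


def remote_host(loc: str) -> str | None:
    """Host a remote location would make Explorer contact, else None."""
    kind = classify_location(loc)
    if kind == "unc":
        first = loc.strip().lstrip("\\/").replace("/", "\\").split("\\")[0]
        return first.split("@")[0].lower()        # drop @SSL / @port suffix
    if kind == "url":
        return urlparse(loc.strip()).hostname
    return None


def library_locations(xml_text: str | bytes) -> list[dict]:
    """Every <url> in the library description, with classification and host.
    Tags are matched without their namespace so a missing or altered xmlns
    does not hide a location."""
    root = ET.fromstring(xml_text)
    found = []
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == "url" and el.text and el.text.strip():
            loc = el.text.strip()
            found.append({"url": loc, "kind": classify_location(loc),
                          "host": remote_host(loc)})
    return found


def is_suspicious(xml_text: str | bytes) -> bool:
    """True if any location would make Explorer reach off the local machine."""
    return any(l["kind"] != "local" for l in library_locations(xml_text))


if __name__ == "__main__":
    # usage: python triage_library_ms.py <file.library-ms>; no argument runs the sample
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_LIBRARY_MS
    for loc in library_locations(data):
        print(f"{loc['kind']:5} {loc['host'] or '-':30} {loc['url']}")
    print("SUSPICIOUS" if is_suspicious(data) else "local only")
```

The namespace-agnostic tag match is deliberate: an attacker who drops or alters the xmlns does not change what Explorer does with the file, so the triage should not depend on it either.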

📦 What is this software?

Firefox is Mozilla's web browser and Thunderbird is Mozilla's email client; the ESR variants are the extended-support releases that enterprises typically pin to. All four are built on Mozilla's shared toolkit, including the download handling that decides which file types get the executable file warning, which is why one bug affects all of them.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A user opens an attacker-supplied .library-ms file with no warning at all; Explorer displays the remote location the library points to, where the attacker has staged shortcuts or executables, and the user launches one of them. That leads to malware execution and potentially full compromise of the workstation. The .library-ms file itself does not run code; it only removes the friction before the step that does.

🟠 Likely Case

Phishing emails or drive-by downloads deliver a .library-ms file disguised as an invoice or document; the missing warning removes one of the few cues that would make a user stop, so the lure succeeds more often and ends in malware installation.

🟢 If Mitigated

Users who do not open downloaded files, or endpoints where the mail gateway, Windows Attachment Manager or EDR flags .library-ms files, are largely protected; the missing browser warning removes only one layer of the defence.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No (none known)
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction: the victim must download the file and open it. The bug removes a warning dialog; it does not execute code by itself, and the final step still depends on the user launching something from the location the library points to.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 133+, Firefox ESR 128.5+, Thunderbird 133+, Thunderbird ESR 128.5+

Vendor Advisory: https://www.mozilla.org/security/advisories/

Restart Required: Yes

Instructions:

1. Open Firefox or Thunderbird.
2. Open the menu and choose Help → About Firefox (or About Thunderbird).
3. Let the application check for and download the update.
4. Restart the application when prompted, then confirm the new version in the About dialog.

🔧 Temporary Workarounds

Make Windows warn before .library-ms files are opened

Platform: Windows

Firefox and Thunderbird have no preference that blocks downloads by file extension, and browser.download.manager.alertOnEXEOpen (true by default) only controls the confirmation shown for file types the browser already classifies as executable, which before the fix did not include .library-ms; a preference such as browser.download.manager.alertOnEXEOpen.library-ms does not exist. Use the Windows Attachment Manager instead: downloads are written with the Mark of the Web (Zone.Identifier stream), so adding .library-ms to the "Inclusion list for high risk file types" policy (User Configuration → Administrative Templates → Windows Components → Attachment Manager, stored as the HighRiskFileTypes value under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations) makes Windows treat the file as high risk independently of the browser's own warning. Confirm on a test machine that the Windows security prompt appears when a downloaded .library-ms is opened before relying on this.

Block the file type upstream

Platform: All

Block .library-ms attachments at the mail gateway and .library-ms downloads at the web proxy until the patched versions are deployed; a user cannot be lured by a file that never reaches the endpoint. Switching to a different browser is only a stopgap if you have verified that the other browser actually warns on this file type.

🧯 If You Can't Patch

  • Educate users not to open downloaded .library-ms files; a legitimate sender almost never ships Explorer library definitions
  • Application whitelisting (AppLocker, WDAC) does not help directly, because a .library-ms is a data file handled by Explorer rather than an executable. Instead restrict outbound SMB (TCP 445) and WebDAV from workstations to the internet, so a library that points at an attacker-hosted share cannot resolve, and keep whitelisting in place to block the unsigned executables and scripts such a share would offer

🔍 How to Verify

Check if Vulnerable:

Check the Firefox/Thunderbird version in Help → About. Anything below the patched version for its line is vulnerable. Note that Firefox and Thunderbird 129 through 132 are release builds without the fix even though they are numbered above ESR 128.5; the 128.5 threshold applies only to the 128 ESR line.

Check Version:

firefox --version or thunderbird --version on Linux/macOS. On Windows the binaries are GUI applications and their console output is unreliable at a cmd prompt, so read the version from Help → About or from the CurrentVersion value under HKLM\SOFTWARE\Mozilla\Mozilla Firefox (or Mozilla Thunderbird) in the registry.

Verify Fix Applied:

After updating, verify the version is at or above Firefox 133, Firefox ESR 128.5, Thunderbird 133 or Thunderbird ESR 128.5: that is, 128.5.x or later on the ESR line, or 133 or later on the release line. Versions 129 through 132 are not fixed.
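The version check has one trap: Firefox and Thunderbird 129 through 132 sort above ESR 128.5 but are release builds without the fix, so a plain "greater than 128.5" comparison passes vulnerable installs. The Python below encodes the thresholds from this page correctly. It is an added example, not Mozilla's code; the registry key layout it reads on Windows (HKLM or HKCU \SOFTWARE\Mozilla\Mozilla Firefox, value CurrentVersion) is an assumption about how Mozilla's installer records the version:

```python
from __future__ import annotations
import re
import sys

# Thresholds from the advisory: release line fixed in 133, 128 ESR line in 128.5.
FIXED_RELEASE = (133, 0)
FIXED_ESR = (128, 5)
ESR_MAJOR = 128


def parse_version(text: str) -> tuple[int, ...]:
    """'128.4.0esr', '133.0 (x64 en-US)', '115.16.1' -> (128, 4, 0) etc."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (2 - len(parts))      # pad "133" to (133, 0)


def is_fixed(version: str) -> bool:
    """Fixed if on the 128 ESR line at 128.5 or later, or on any other line
    at 133 or later.  129-132 (release) and older ESR lines such as 115 are
    not fixed even though the former sort above 128.5."""
    v = parse_version(version)
    if v[0] == ESR_MAJOR:
        return v[:2] >= FIXED_ESR
    return v[:2] >= FIXED_RELEASE


def installed_version_windows(product: str = "Firefox") -> str | None:
    """Version string recorded by the Mozilla installer (assumed key layout:
    HKLM or HKCU \\SOFTWARE\\Mozilla\\Mozilla <Product>, value CurrentVersion,
    e.g. '133.0 (x64 en-US)').  Returns None off Windows or if not installed."""
    if sys.platform != "win32":
        return None
    import winreg
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        for view in (0, winreg.KEY_WOW64_32KEY):   # 64-bit and 32-bit installs
            try:
                with winreg.OpenKey(hive, rf"SOFTWARE\Mozilla\Mozilla {product}",
                                    0, winreg.KEY_READ | view) as key:
                    return winreg.QueryValueEx(key, "CurrentVersion")[0]
            except OSError:
                continue
    return None


if __name__ == "__main__":
    for product in ("Firefox", "Thunderbird"):
        ver = installed_version_windows(product)
        if ver is None:
            print(f"{product}: not found in registry (or not running on Windows)")
        else:
            state = "fixed" if is_fixed(ver) else "VULNERABLE to CVE-2024-11693"
            print(f"{product} {ver}: {state}")
```

Per-user installs land under HKCU and 32-bit builds under the WOW6432Node view, which is why both hives and both registry views are tried; a check that only reads the 64-bit HKLM key misses them.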

📡 Detection & Monitoring

Log Indicators:

  • Browser download logs, or Sysmon FileCreate (Event ID 11) events, where firefox.exe or thunderbird.exe writes a file ending in .library-ms
  • Explorer opening such a file (Sysmon ProcessCreate, Event ID 1, explorer.exe with a .library-ms path on the command line), especially when followed by outbound SMB or WebDAV traffic. A library is a data file, so there is no ".library-ms process" to look for

Network Indicators:

  • .library-ms files served from newly registered or otherwise suspicious domains, or delivered as email attachments
  • Outbound TCP 445 (SMB) or WebDAV (HTTP/HTTPS from the WebClient service, which runs inside svchost.exe) to external hosts shortly after a .library-ms file was opened, which is what happens when the library's location points at an attacker-controlled share

SIEM Query:

(source="browser_logs" file_extension=".library-ms")
OR (sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=11 TargetFilename="*.library-ms" (Image="*\\firefox.exe" OR Image="*\\thunderbird.exe"))
OR (sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1 Image="*\\explorer.exe" CommandLine="*.library-ms*")
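The query above is a string match; the correlation a detection engineer actually wants is download, then open, then outbound connection, within a short window. The Python below implements that over constructed Sysmon-style events (field names follow Sysmon's FileCreate, ProcessCreate and NetworkConnect events; the paths, PIDs, timestamps and destination address are invented). It is an added example, not part of the page or of any vendor's detection content:

```python
from __future__ import annotations
import ipaddress
import ntpath
import re
from datetime import datetime, timedelta

BROWSERS = {"firefox.exe", "thunderbird.exe"}
WINDOW = timedelta(minutes=10)
# Address ranges treated as internal; a connection anywhere else is "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed Sysmon-style events, in time order: Firefox writes a .library-ms
# into Downloads, Explorer opens it, the WebClient service (svchost.exe) reaches
# an external host, then unrelated benign activity.
EVENTS = [
    {"ts": "2024-11-27T09:00:01", "EventID": 11, "ProcessId": 4120,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "TargetFilename": r"C:\Users\alice\Downloads\Invoice_Q4.library-ms"},
    {"ts": "2024-11-27T09:00:40", "EventID": 1, "ProcessId": 5200,
     "Image": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\explorer.exe" "C:\Users\alice\Downloads\Invoice_Q4.library-ms"'},
    {"ts": "2024-11-27T09:00:43", "EventID": 3, "ProcessId": 1880, "Initiated": True,
     "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"ts": "2024-11-27T09:30:00", "EventID": 11, "ProcessId": 5200,
     "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\Documents\notes.txt"},
]


def _ts(e: dict) -> datetime:
    return datetime.fromisoformat(e["ts"])


def _image(e: dict) -> str:
    return ntpath.basename(e.get("Image", "")).lower()


def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def browser_library_downloads(events: list[dict]) -> list[dict]:
    """Sysmon 11 (FileCreate): a browser process wrote a .library-ms file."""
    return [e for e in events if e.get("EventID") == 11 and _image(e) in BROWSERS
            and e.get("TargetFilename", "").lower().endswith(".library-ms")]


def library_opens(events: list[dict]) -> list[dict]:
    """Sysmon 1 (ProcessCreate): Explorer launched with a .library-ms path."""
    return [e for e in events if e.get("EventID") == 1 and _image(e) == "explorer.exe"
            and ".library-ms" in e.get("CommandLine", "").lower()]


def detect(events: list[dict]) -> list[dict]:
    """One alert per opened .library-ms.  Severity: high if an outbound external
    connection follows the open within WINDOW, medium if a browser downloaded the
    file shortly before, low for an open with neither corroborating event."""
    downloads = browser_library_downloads(events)
    alerts = []
    for op in library_opens(events):
        cl = op["CommandLine"]
        dl = next((d for d in reversed(downloads)
                   if d["TargetFilename"].lower() in cl.lower()
                   and timedelta(0) <= _ts(op) - _ts(d) <= WINDOW), None)
        net = any(e.get("EventID") == 3 and e.get("Initiated")
                  and is_external(e.get("DestinationIp", "127.0.0.1"))
                  and timedelta(0) <= _ts(e) - _ts(op) <= WINDOW
                  for e in events)
        m = re.search(r'([^"]+\.library-ms)', cl, re.I)
        alerts.append({
            "file": dl["TargetFilename"] if dl else (m.group(1) if m else cl),
            "downloaded_by": _image(dl) if dl else None,
            "opened_at": op["ts"],
            "severity": "high" if net else ("medium" if dl else "low"),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

An open without a preceding browser download still produces a low-severity alert rather than being dropped, because the same lure arrives as a mail attachment; the browser-download match only raises confidence, it is not a precondition.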
