CVE-2024-11700

8.1 HIGH

📋 TL;DR

This CVE describes a tapjacking vulnerability in Firefox and Thunderbird where malicious websites could trick users into approving external application launches through deceptive UI overlays. Users could unknowingly execute applications, potentially exposing them to further vulnerabilities. This affects Firefox versions before 133 and Thunderbird versions before 133.

💻 Affected Systems

Products:
  • Mozilla Firefox
  • Mozilla Thunderbird
Versions: Firefox < 133, Thunderbird < 133
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Requires user interaction with a malicious website.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Users could be tricked into launching malicious external applications that exploit underlying vulnerabilities, leading to full system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Users visiting malicious websites could be tricked into approving unwanted application launches, potentially leading to malware installation or credential theft.

🟢

If Mitigated

With proper user awareness and updated browsers, the risk is limited to users who ignore security warnings and visit untrusted sites.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction with a malicious website but no authentication. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 133, Thunderbird 133

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-63/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird.
2. Click menu → Help → About Firefox/Thunderbird.
3. Allow automatic update check and installation.
4. Restart browser when prompted.

🔧 Temporary Workarounds

Disable automatic external application launches (applies to: all platforms)

Configure browser to prompt for confirmation before launching external applications

Use browser extensions to block popups (applies to: all platforms)

Install reputable ad/popup blockers to prevent malicious overlays

🧯 If You Can't Patch

  • Restrict user access to untrusted websites through web filtering
  • Implement application whitelisting to prevent unauthorized external applications from executing

🔍 How to Verify

Check if Vulnerable:

Check the browser version in the About Firefox/Thunderbird menu. If the version is less than 133, the system is vulnerable.

Check Version:

firefox --version (Linux) or check About menu (Windows/macOS)

Verify Fix Applied:

After updating, verify that the version is 133 or higher in the About Firefox/Thunderbird menu.
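The version rule above as a scripted check, added here as an example that is not part of the advisory. It assumes the executable is named firefox (or thunderbird) and is on PATH, and it parses the first numeric token of the --version output.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Firefox/Thunderbird
# version string against the fixed release (133) named on this page.
FIXED_MAJOR=133

# Extract the major version from output such as
# "Mozilla Firefox 132.0.1" or "Thunderbird 128.5.0esr":
# first numeric token, then the part before the first dot.
major_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)*' | head -n1 | cut -d. -f1
}

# Print "vulnerable", "patched" or "unknown" for a version string.
# Caveat: ESR builds report a lower major number than the mainline
# release, so confirm ESR installs against the vendor advisory.
vuln_status() {
    major=$(major_version "$1")
    if [ -z "$major" ]; then
        echo "unknown"
    elif [ "$major" -lt "$FIXED_MAJOR" ]; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Run the check against an installed binary (default: firefox).
check_installed() {
    bin=${1:-firefox}
    if command -v "$bin" >/dev/null 2>&1; then
        vuln_status "$("$bin" --version 2>/dev/null)"
    else
        echo "unknown"
    fi
}

# Constructed sample strings, for running the script without a browser.
vuln_status "Mozilla Firefox 132.0.1"
vuln_status "Mozilla Firefox 133.0"
```

Run `check_installed thunderbird` to test the mail client instead of the browser.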

📡 Detection & Monitoring

Log Indicators:

  • Unexpected external application launches from browser processes
  • Multiple permission prompt events in short timeframes

Network Indicators:

  • Connections to known malicious domains followed by external application execution

SIEM Query:

source="browser_logs" AND (event="external_app_launch" OR event="permission_prompt") AND count > threshold
