Login Sign Up

CVE-2024-11706

6.5 MEDIUM
Denial of Service

📋 TL;DR

A null pointer dereference vulnerability in pk12util's SEC_ASN1DecodeItem_Util function allows attackers to cause denial of service by crashing applications when processing malformed input files. This affects Firefox and Thunderbird users running versions below 133. The vulnerability requires user interaction to open malicious files.

💻 Affected Systems

Products:
  • Mozilla Firefox
  • Mozilla Thunderbird
Versions: Firefox < 133, Thunderbird < 133
Operating Systems: Windows, Linux, macOS, All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in pk12util component used for PKCS#12 file handling

📦 What is this software?

Firefox by Mozilla

View all CVEs affecting Firefox →

Thunderbird by Mozilla

View all CVEs affecting Thunderbird →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Application crash leading to denial of service, potentially causing data loss if unsaved work is open

🟠

Likely Case

Application crash when processing malicious PKCS#12 files, requiring user to restart the affected program

🟢

If Mitigated

No impact if users avoid opening untrusted PKCS#12 files or have updated to patched versions

🌐 Internet-Facing: LOW - Requires user interaction with malicious files, not directly exploitable over network
🏢 Internal Only: LOW - Same requirement for user interaction with malicious files

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to open malicious PKCS#12 file; no known active exploitation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 133, Thunderbird 133

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-63/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird. 2. Click menu → Help → About Firefox/Thunderbird. 3. Allow automatic update to version 133 or higher. 4. Restart the application when prompted.

🔧 Temporary Workarounds

Disable PKCS#12 file handling

all

Prevent applications from processing PKCS#12 files

Not applicable - configuration change only

User education

all

Train users to avoid opening untrusted PKCS#12 files

🧯 If You Can't Patch

  • Implement application whitelisting to block execution of vulnerable Firefox/Thunderbird versions
  • Use endpoint protection to detect and block malicious PKCS#12 files

🔍 How to Verify

Check if Vulnerable:

Check Firefox/Thunderbird version: Firefox → Help → About Firefox; Thunderbird → Help → About Thunderbird

Check Version:

firefox --version (Linux) or check About dialog (Windows/macOS)

Verify Fix Applied:

Confirm version is 133 or higher in About dialog

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs mentioning pk12util or SEC_ASN1DecodeItem_Util
  • Unexpected termination of Firefox/Thunderbird processes

Network Indicators:

  • Download of PKCS#12 files (.p12, .pfx) from untrusted sources

SIEM Query:

EventID=1000 OR EventID=1001 AND ProcessName="firefox.exe" OR ProcessName="thunderbird.exe" AND ExceptionCode=0xC0000005

📊 Metadata

CVE ID: CVE-2024-11706
CVSS v3 Score: 6.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE: CWE-476
Published: November 26, 2024
Last Updated: April 7, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-11706, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)
CVE-2023-47003 9.8

A NULL pointer dereference vulnerability in RedisGraph allows attackers to execute arbitrary code or...

Same vulnerability type (CWE-476)