PT-2024-10064 · Mozilla+4 · Thunderbird+5
Daniel Holbert · Published 2024-11-25 · Updated 2025-11-19
CVE-2024-11701
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 133
Thunderbird versions prior to 133
Description
During an interrupted navigation attempt, the address bar can display an incorrect domain, which can confuse users and enable spoofing. A remote attacker may be able to conduct spoofing attacks because of an inadequate authentication procedure and the incorrect domain name shown in the address bar.
Recommendations
For Firefox versions prior to 133, update to a version that includes the fix for this issue.
For Thunderbird versions prior to 133, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to sensitive information until the issue is resolved.
Fix
Authentication Bypass by Spoofing
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Firefox
Linuxmint
Thunderbird
Ubuntu