CVE-2024-11695

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 133 Firefox ESR versions prior to 128.5 Thunderbird versions prior to 133 Thunderbird versions prior to 128.5

Description: The issue is related to incorrect restriction of visualized user interface layers in Mozilla Firefox, Firefox ESR, and the Thunderbird email client. A crafted URL containing Arabic script and whitespace characters could hide the true origin of the page, resulting in a potential spoofing attack. This could allow a remote attacker to conduct spoofing attacks.

Recommendations: For Firefox versions prior to 133, update to version 133 or later to resolve the issue. For Firefox ESR versions prior to 128.5, update to version 128.5 or later to resolve the issue. For Thunderbird versions prior to 133, update to version 133 or later to resolve the issue. For Thunderbird versions prior to 128.5, update to version 128.5 or later to resolve the issue. As a temporary workaround, consider restricting access to URLs containing Arabic script and whitespace characters to minimize the risk of exploitation.