PT-2024-8825 · Mozilla+3 · Thunderbird+5

Marco Bonardo

Published

2024-11-25

Updated

2025-07-18

CVE-2024-11693

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 133 Firefox ESR versions prior to 128.5 Thunderbird versions prior to 133 Thunderbird versions prior to 128.5

Description: The issue is related to the lack of a warning when downloading .library-ms files, which could allow a remote attacker to conduct spoofing attacks using a specially crafted file. This problem only affects Windows operating systems.

Recommendations: For Firefox versions prior to 133, update to version 133 or later to resolve the issue. For Firefox ESR versions prior to 128.5, update to version 128.5 or later to resolve the issue. For Thunderbird versions prior to 133, update to version 133 or later to resolve the issue. For Thunderbird versions prior to 128.5, update to version 128.5 or later to resolve the issue. As a temporary workaround, consider avoiding the download of .library-ms files until the issue is resolved.

Fix

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1021

Related Identifiers

ALT-PU-2024-16375

ALT-PU-2024-16377

ALT-PU-2024-16378

ALT-PU-2025-1049

ALT-PU-2025-2027

ALT-PU-2025-2230

ALT-PU-2025-2672

ALT-PU-2025-8904

BDU:2024-10457

CVE-2024-11693

OESA-2025-1835

OPENSUSE-SU-2024:14533-1

OPENSUSE-SU-2024:14572-1

OPENSUSE-SU-2024:14583-1

OPENSUSE-SU-2024_4086-1

OPENSUSE-SU-2024_4148-1

SUSE-SU-2024:4074-1

SUSE-SU-2024:4086-1

SUSE-SU-2024:4148-1

Affected Products

Alt Linux

Firefox

Firefox Esr

Suse

Thunderbird

Windows

PT-2024-8825 · Mozilla+3 · Thunderbird+5

CVE-2024-11693

Weakness Enumeration

Related Identifiers

Affected Products

References · 1992