Vulnerability details: VCID-2rx4-kbfe-xybb
Vulnerability ID VCID-2rx4-kbfe-xybb
Aliases CVE-2024-11694
Summary Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11694.json
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-11694
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2024-11694
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-11694
epss 0.00113 https://api.first.org/data/v1/epss?cve=CVE-2024-11694
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2024-11694
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2024-11694
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-11694
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2024-11694
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-11694
epss 0.00157 https://api.first.org/data/v1/epss?cve=CVE-2024-11694
epss 0.00192 https://api.first.org/data/v1/epss?cve=CVE-2024-11694
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2024-11694
cvssv3.1 6.1 https://bugzilla.mozilla.org/show_bug.cgi?id=1924167
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1924167
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-63
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-64
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-65
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-67
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-68
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-70
cvssv3.1 6.1 https://www.mozilla.org/security/advisories/mfsa2024-63/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-63/
cvssv3.1 6.1 https://www.mozilla.org/security/advisories/mfsa2024-64/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-64/
cvssv3.1 6.1 https://www.mozilla.org/security/advisories/mfsa2024-65/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-65/
cvssv3.1 6.1 https://www.mozilla.org/security/advisories/mfsa2024-67/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-67/
cvssv3.1 6.1 https://www.mozilla.org/security/advisories/mfsa2024-68/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-68/
cvssv3.1 6.1 https://www.mozilla.org/security/advisories/mfsa2024-70/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-70/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11694.json
https://api.first.org/data/v1/epss?cve=CVE-2024-11694
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11694
2328941 https://bugzilla.redhat.com/show_bug.cgi?id=2328941
CVE-2024-11694 https://nvd.nist.gov/vuln/detail/CVE-2024-11694
GLSA-202501-10 https://security.gentoo.org/glsa/202501-10
GLSA-202505-03 https://security.gentoo.org/glsa/202505-03
mfsa2024-63 https://www.mozilla.org/en-US/security/advisories/mfsa2024-63
mfsa2024-63 https://www.mozilla.org/security/advisories/mfsa2024-63/
mfsa2024-64 https://www.mozilla.org/en-US/security/advisories/mfsa2024-64
mfsa2024-64 https://www.mozilla.org/security/advisories/mfsa2024-64/
mfsa2024-65 https://www.mozilla.org/en-US/security/advisories/mfsa2024-65
mfsa2024-65 https://www.mozilla.org/security/advisories/mfsa2024-65/
mfsa2024-67 https://www.mozilla.org/en-US/security/advisories/mfsa2024-67
mfsa2024-67 https://www.mozilla.org/security/advisories/mfsa2024-67/
mfsa2024-68 https://www.mozilla.org/en-US/security/advisories/mfsa2024-68
mfsa2024-68 https://www.mozilla.org/security/advisories/mfsa2024-68/
mfsa2024-70 https://www.mozilla.org/en-US/security/advisories/mfsa2024-70
mfsa2024-70 https://www.mozilla.org/security/advisories/mfsa2024-70/
RHSA-2024:10591 https://access.redhat.com/errata/RHSA-2024:10591
RHSA-2024:10592 https://access.redhat.com/errata/RHSA-2024:10592
RHSA-2024:10667 https://access.redhat.com/errata/RHSA-2024:10667
RHSA-2024:10702 https://access.redhat.com/errata/RHSA-2024:10702
RHSA-2024:10703 https://access.redhat.com/errata/RHSA-2024:10703
RHSA-2024:10704 https://access.redhat.com/errata/RHSA-2024:10704
RHSA-2024:10710 https://access.redhat.com/errata/RHSA-2024:10710
RHSA-2024:10733 https://access.redhat.com/errata/RHSA-2024:10733
RHSA-2024:10734 https://access.redhat.com/errata/RHSA-2024:10734
RHSA-2024:10742 https://access.redhat.com/errata/RHSA-2024:10742
RHSA-2024:10743 https://access.redhat.com/errata/RHSA-2024:10743
RHSA-2024:10745 https://access.redhat.com/errata/RHSA-2024:10745
RHSA-2024:10748 https://access.redhat.com/errata/RHSA-2024:10748
RHSA-2024:10752 https://access.redhat.com/errata/RHSA-2024:10752
RHSA-2024:10844 https://access.redhat.com/errata/RHSA-2024:10844
RHSA-2024:10848 https://access.redhat.com/errata/RHSA-2024:10848
RHSA-2024:10849 https://access.redhat.com/errata/RHSA-2024:10849
RHSA-2024:10880 https://access.redhat.com/errata/RHSA-2024:10880
RHSA-2024:10881 https://access.redhat.com/errata/RHSA-2024:10881
show_bug.cgi?id=1924167 https://bugzilla.mozilla.org/show_bug.cgi?id=1924167
USN-7134-1 https://usn.ubuntu.com/7134-1/
USN-7193-1 https://usn.ubuntu.com/7193-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11694.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1924167
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:03Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1924167
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-63/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:03Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-63/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-64/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:03Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-64/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-65/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:03Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-65/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-67/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:03Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-67/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-68/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:03Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-68/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-70/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:03Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-70/
Exploit Prediction Scoring System (EPSS)
Percentile 0.11764
EPSS Score 0.00044
Published At Nov. 28, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-11-26T20:11:42.563999+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-67.yml 35.0.0