VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-69sq-pe73-tbh3

Essentials
Severities (97)
References (36)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-69sq-pe73-tbh3
Aliases	CVE-2024-11696
Summary	The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-354

Improper Validation of Integrity Check Value

System	Score	Found at
cvssv3	5.4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11696.json
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2024-11696
cvssv3.1	5.4	https://bugzilla.mozilla.org/show_bug.cgi?id=1929600
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1929600
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-63
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-64
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-67
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-68
cvssv3.1	5.4	https://www.mozilla.org/security/advisories/mfsa2024-63/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-63/
cvssv3.1	5.4	https://www.mozilla.org/security/advisories/mfsa2024-64/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-64/
cvssv3.1	5.4	https://www.mozilla.org/security/advisories/mfsa2024-67/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-67/
cvssv3.1	5.4	https://www.mozilla.org/security/advisories/mfsa2024-68/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-68/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11696.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-11696
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11696
2328943		https://bugzilla.redhat.com/show_bug.cgi?id=2328943
CVE-2024-11696		https://nvd.nist.gov/vuln/detail/CVE-2024-11696
GLSA-202501-10		https://security.gentoo.org/glsa/202501-10
GLSA-202505-03		https://security.gentoo.org/glsa/202505-03
mfsa2024-63		https://www.mozilla.org/en-US/security/advisories/mfsa2024-63
mfsa2024-63		https://www.mozilla.org/security/advisories/mfsa2024-63/
mfsa2024-64		https://www.mozilla.org/en-US/security/advisories/mfsa2024-64
mfsa2024-64		https://www.mozilla.org/security/advisories/mfsa2024-64/
mfsa2024-67		https://www.mozilla.org/en-US/security/advisories/mfsa2024-67
mfsa2024-67		https://www.mozilla.org/security/advisories/mfsa2024-67/
mfsa2024-68		https://www.mozilla.org/en-US/security/advisories/mfsa2024-68
mfsa2024-68		https://www.mozilla.org/security/advisories/mfsa2024-68/
RHSA-2024:10591		https://access.redhat.com/errata/RHSA-2024:10591
RHSA-2024:10592		https://access.redhat.com/errata/RHSA-2024:10592
RHSA-2024:10667		https://access.redhat.com/errata/RHSA-2024:10667
RHSA-2024:10702		https://access.redhat.com/errata/RHSA-2024:10702
RHSA-2024:10703		https://access.redhat.com/errata/RHSA-2024:10703
RHSA-2024:10704		https://access.redhat.com/errata/RHSA-2024:10704
RHSA-2024:10710		https://access.redhat.com/errata/RHSA-2024:10710
RHSA-2024:10733		https://access.redhat.com/errata/RHSA-2024:10733
RHSA-2024:10734		https://access.redhat.com/errata/RHSA-2024:10734
RHSA-2024:10742		https://access.redhat.com/errata/RHSA-2024:10742
RHSA-2024:10743		https://access.redhat.com/errata/RHSA-2024:10743
RHSA-2024:10745		https://access.redhat.com/errata/RHSA-2024:10745
RHSA-2024:10748		https://access.redhat.com/errata/RHSA-2024:10748
RHSA-2024:10752		https://access.redhat.com/errata/RHSA-2024:10752
RHSA-2024:10844		https://access.redhat.com/errata/RHSA-2024:10844
RHSA-2024:10848		https://access.redhat.com/errata/RHSA-2024:10848
RHSA-2024:10849		https://access.redhat.com/errata/RHSA-2024:10849
RHSA-2024:10880		https://access.redhat.com/errata/RHSA-2024:10880
RHSA-2024:10881		https://access.redhat.com/errata/RHSA-2024:10881
show_bug.cgi?id=1929600		https://bugzilla.mozilla.org/show_bug.cgi?id=1929600
USN-7134-1		https://usn.ubuntu.com/7134-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11696.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1929600

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:02:13Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1929600

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-63/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:02:13Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-63/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-64/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:02:13Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-64/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-67/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:02:13Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-67/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-68/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:02:13Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-68/

Exploit Prediction Scoring System (EPSS)

Percentile	0.0803
EPSS Score	0.00033
Published At	April 24, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2024-11-26T20:11:43.140182+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-67.yml	35.0.0