VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-uens-m9gw-gqgg

Essentials
Severities (98)
References (39)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-uens-m9gw-gqgg
Aliases	CVE-2024-11697
Summary	When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-356

Product UI does not Warn User of Unsafe Actions

System	Score	Found at
cvssv3	3.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11697.json
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
epss	0.00537	https://api.first.org/data/v1/epss?cve=CVE-2024-11697
cvssv3.1	8.8	https://bugzilla.mozilla.org/show_bug.cgi?id=1842187
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1842187
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-63
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-64
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-67
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2024-68
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2024-63/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-63/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2024-64/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-64/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2024-67/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-67/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2024-68/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2024-68/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11697.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-11697
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11697
2328950		https://bugzilla.redhat.com/show_bug.cgi?id=2328950
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox:::::esr:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::esr:::*
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2024-11697		https://nvd.nist.gov/vuln/detail/CVE-2024-11697
GLSA-202501-10		https://security.gentoo.org/glsa/202501-10
GLSA-202505-03		https://security.gentoo.org/glsa/202505-03
mfsa2024-63		https://www.mozilla.org/en-US/security/advisories/mfsa2024-63
mfsa2024-63		https://www.mozilla.org/security/advisories/mfsa2024-63/
mfsa2024-64		https://www.mozilla.org/en-US/security/advisories/mfsa2024-64
mfsa2024-64		https://www.mozilla.org/security/advisories/mfsa2024-64/
mfsa2024-67		https://www.mozilla.org/en-US/security/advisories/mfsa2024-67
mfsa2024-67		https://www.mozilla.org/security/advisories/mfsa2024-67/
mfsa2024-68		https://www.mozilla.org/en-US/security/advisories/mfsa2024-68
mfsa2024-68		https://www.mozilla.org/security/advisories/mfsa2024-68/
RHSA-2024:10591		https://access.redhat.com/errata/RHSA-2024:10591
RHSA-2024:10592		https://access.redhat.com/errata/RHSA-2024:10592
RHSA-2024:10667		https://access.redhat.com/errata/RHSA-2024:10667
RHSA-2024:10702		https://access.redhat.com/errata/RHSA-2024:10702
RHSA-2024:10703		https://access.redhat.com/errata/RHSA-2024:10703
RHSA-2024:10704		https://access.redhat.com/errata/RHSA-2024:10704
RHSA-2024:10710		https://access.redhat.com/errata/RHSA-2024:10710
RHSA-2024:10733		https://access.redhat.com/errata/RHSA-2024:10733
RHSA-2024:10734		https://access.redhat.com/errata/RHSA-2024:10734
RHSA-2024:10742		https://access.redhat.com/errata/RHSA-2024:10742
RHSA-2024:10743		https://access.redhat.com/errata/RHSA-2024:10743
RHSA-2024:10745		https://access.redhat.com/errata/RHSA-2024:10745
RHSA-2024:10748		https://access.redhat.com/errata/RHSA-2024:10748
RHSA-2024:10752		https://access.redhat.com/errata/RHSA-2024:10752
RHSA-2024:10844		https://access.redhat.com/errata/RHSA-2024:10844
RHSA-2024:10848		https://access.redhat.com/errata/RHSA-2024:10848
RHSA-2024:10849		https://access.redhat.com/errata/RHSA-2024:10849
RHSA-2024:10880		https://access.redhat.com/errata/RHSA-2024:10880
RHSA-2024:10881		https://access.redhat.com/errata/RHSA-2024:10881
show_bug.cgi?id=1842187		https://bugzilla.mozilla.org/show_bug.cgi?id=1842187
USN-7134-1		https://usn.ubuntu.com/7134-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11697.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1842187

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:26:51Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1842187

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-63/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:26:51Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-63/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-64/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:26:51Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-64/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-67/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:26:51Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-67/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-68/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:26:51Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-68/

Exploit Prediction Scoring System (EPSS)

Percentile	0.17226
EPSS Score	0.00045
Published At	Nov. 28, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-11-26T20:11:43.428012+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-67.yml	35.0.0