{"id":"CVE-2024-11694","details":"Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox \u003c 133, Firefox ESR \u003c 128.5, Firefox ESR \u003c 115.18, Thunderbird \u003c 133, Thunderbird \u003c 128.5, and Thunderbird \u003c 115.18.","modified":"2026-04-16T04:34:44.780919734Z","published":"2024-11-26T14:15:18.943Z","related":["ALSA-2024:10591","ALSA-2024:10592","ALSA-2024:10702","ALSA-2024:10752","CGA-264v-fqq5-whhp","RLSA-2024:10591","SUSE-SU-2024:4074-1","SUSE-SU-2024:4086-1","SUSE-SU-2024:4148-1","openSUSE-SU-2024:14533-1","openSUSE-SU-2024:14542-1","openSUSE-SU-2024:14572-1","openSUSE-SU-2024:14583-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00029.html"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-67/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-68/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-70/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-63/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-64/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-65/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1924167"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-11694.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"115.8.0"}]},{"events":[{"introduced":"0"},{"fixed":"133.0"}]},{"events":[{"introduced":"116.0"},{"fixed":"128.5.0"}]},{"events":[{"introduced":"0"},{"fixed":"115.18.0"}]},{"events":[{"introduced":"116.0"},{"fixed":"128.5.0"}]},{"events":[{"introduced":"129.0"},{"fixed":"133.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}