Security Advisory

CVE-2024-11694

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-11-26 13:33:57

Last updated 2025-11-03 21:51:57

Assigner mozilla

State PUBLISHED

Description

Enhanced Tracking Protections Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

← Browse all CVEs View on cve.org ↗