{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T15:55:41.393","vulnerabilities":[{"cve":{"id":"CVE-2024-11696","sourceIdentifier":"security@mozilla.org","published":"2024-11-26T14:15:19.143","lastModified":"2025-11-03T22:16:38.163","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed.  Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5."},{"lang":"es","value":"La aplicación no tuvo en cuenta las excepciones generadas por el método `loadManifestFromFile` durante la verificación de la firma del complemento. Esta falla, provocada por un manifiesto de extensión no válido o no compatible, podría haber causado errores de tiempo de ejecución que interrumpieron el proceso de validación de la firma. Como resultado, es posible que se haya omitido la aplicación de la validación de la firma para complementos no relacionados. La validación de la firma en este contexto se utiliza para garantizar que las aplicaciones de terceros en la computadora del usuario no hayan alterado las extensiones del usuario, lo que limita el impacto de este problema. Esta vulnerabilidad afecta a Firefox &lt; 133, Firefox ESR &lt; 128.5, Thunderbird &lt; 133 y Thunderbird &lt; 128.5."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"128.5.0","matchCriteriaId":"883C5169-FA69-4478-BE73-4F36AB746D39"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"133.0","matchCriteriaId":"B0358306-5BCC-49DE-B7A5-429C8BC71BBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"128.5.0","matchCriteriaId":"9C047DD2-FCBA-4474-8AAE-DBB9A5142E4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionStartIncluding":"129.0","versionEndExcluding":"133.0","matchCriteriaId":"809C8F59-3AAB-49E8-9F18-6884EC6E4E92"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1929600","source":"security@mozilla.org","tags":["Issue Tracking"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2024-63/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2024-64/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2024-67/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2024-68/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00029.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}