vulnerability

Rocky Linux: CVE-2024-11696: firefox (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Dec 19, 2024	Feb 5, 2026	Feb 5, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Dec 19, 2024

Added

Feb 5, 2026

Modified

Feb 5, 2026

Description

The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Solutions

rocky-upgrade-firefoxrocky-upgrade-firefox-debuginforocky-upgrade-firefox-debugsourcerocky-upgrade-thunderbirdrocky-upgrade-thunderbird-debuginforocky-upgrade-thunderbird-debugsource

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today