{"id":"CVE-2024-11697","details":"When handling keypress events, an attacker may have been able to trick a user into bypassing the \"Open Executable File?\" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox \u003c 133, Firefox ESR \u003c 128.5, Thunderbird \u003c 133, and Thunderbird \u003c 128.5.","modified":"2026-03-10T13:46:25.329Z","published":"2024-11-26T14:15:19.243Z","related":["ALSA-2024:10591","ALSA-2024:10592","ALSA-2024:10702","ALSA-2024:10752","CGA-734p-jgrm-g4pr","MGASA-2024-0383","MGASA-2024-0384","RLSA-2024:10591","SUSE-SU-2024:4074-1","SUSE-SU-2024:4086-1","SUSE-SU-2024:4148-1","openSUSE-SU-2024:14533-1","openSUSE-SU-2024:14542-1","openSUSE-SU-2024:14572-1","openSUSE-SU-2024:14583-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00029.html"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-63/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-64/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-67/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-68/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1842187"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-11697.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"128.5.0"}]},{"events":[{"introduced":"0"},{"fixed":"133.0"}]},{"events":[{"introduced":"0"},{"fixed":"128.5.0"}]},{"events":[{"introduced":"129.0"},{"fixed":"133.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}