CVE-2024-11706

Summary

A null pointer dereference may have inadvertently occurred in pk12util, and specifically in the SEC_ASN1DecodeItem_Util function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 133affected
MozillaThunderbirdunspecified < 133affected

Weaknesses

  • Null Pointer Dereference in PKCS#12 Utility

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References