CVE-2024-3863

Summary

The executable file warning was not presented when downloading .xrm-ms files.
Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 125affected
MozillaFirefox ESRunspecified < 115.10affected
MozillaThunderbirdunspecified < 115.10affected

Weaknesses

  • Download Protections were bypassed by .xrm-ms files on Windows

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References