CVE-2024-3863 | THREATINT

Description

The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

PUBLISHED Reserved 2024-04-15 | Published 2024-04-16 | Updated 2025-08-22 | Assigner mozilla

Problem types

Download Protections were bypassed by .xrm-ms files on Windows

Product status

Any version before 125

affected

Any version before 115.10

affected

Any version before 115.10

affected

Credits

Eduardo Braun Prado working with Trend Micro Zero Day Initiative

References

bugzilla.mozilla.org/show_bug.cgi?id=1885855

www.mozilla.org/security/advisories/mfsa2024-18/

www.mozilla.org/security/advisories/mfsa2024-19/

www.mozilla.org/security/advisories/mfsa2024-20/

cve.org (CVE-2024-3863)

nvd.nist.gov (CVE-2024-3863)

Download JSON

help @ threatint.eu