Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
Firefox
- < 130
- ESR < 128.2
- ESR < 115.15
Source
security@mozilla.org
Tags
CVE-2024-8382 details
Published : Sept. 3, 2024, 1:15 p.m.
Last Modified : Sept. 3, 2024, 3:12 p.m.
Last Modified : Sept. 3, 2024, 3:12 p.m.
Description
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1906744 | security@mozilla.org |
| https://www.mozilla.org/security/advisories/mfsa2024-39/ | security@mozilla.org |
| https://www.mozilla.org/security/advisories/mfsa2024-40/ | security@mozilla.org |
| https://www.mozilla.org/security/advisories/mfsa2024-41/ | security@mozilla.org |
This website uses the NVD API, but is not approved or certified by it.