CVE-2024-8383

Sept. 3, 2024, 10:15 p.m.

Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Firefox

  • < 130
  • ESR < 128.2
  • ESR < 115.15

Source

security@mozilla.org

CVE-2024-8383 details

Published : Sept. 3, 2024, 1:15 p.m.
Last Modified : Sept. 3, 2024, 10:15 p.m.

Description

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.

This website uses the NVD API, but is not approved or certified by it.