Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
Firefox
- < 130
- ESR < 128.2
- ESR < 115.15
Source
security@mozilla.org
Tags
CVE-2024-8383 details
Published : Sept. 3, 2024, 1:15 p.m.
Last Modified : Sept. 3, 2024, 10:15 p.m.
Last Modified : Sept. 3, 2024, 10:15 p.m.
Description
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1908496 | security@mozilla.org |
https://www.mozilla.org/security/advisories/mfsa2024-39/ | security@mozilla.org |
https://www.mozilla.org/security/advisories/mfsa2024-40/ | security@mozilla.org |
https://www.mozilla.org/security/advisories/mfsa2024-41/ | security@mozilla.org |
This website uses the NVD API, but is not approved or certified by it.