We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
Reserved 2024-09-03 | Published 2024-09-03 | Updated 2024-10-30 | Assigner mozillaFirefox did not ask before openings news: links in an external application
D7
bugzilla.mozilla.org/show_bug.cgi?id=1908496
www.mozilla.org/security/advisories/mfsa2024-39/
www.mozilla.org/security/advisories/mfsa2024-40/
www.mozilla.org/security/advisories/mfsa2024-41/
Support options