
THREATINT
PUBLISHED

CVE-2024-8383



Description

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.

Reserved 2024-09-03 | Published 2024-09-03 | Updated 2024-10-30 | Assigner mozilla

Problem types

Firefox did not ask before opening news: links in an external application

Product status

Firefox: any version before 130 is affected

Firefox ESR: any version before 128.2 is affected

Firefox ESR: any version before 115.15 is affected

Credits

D7

References

bugzilla.mozilla.org/show_bug.cgi?id=1908496

www.mozilla.org/security/advisories/mfsa2024-39/

www.mozilla.org/security/advisories/mfsa2024-40/

www.mozilla.org/security/advisories/mfsa2024-41/

cve.org (CVE-2024-8383)

nvd.nist.gov (CVE-2024-8383)
