CVE-2024-8383

Published: Sep 3, 2024

Modified: Nov 4, 2025

PUBLISHED

Description

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.

Vendor	Product	Versions
Mozilla	Firefox	affected `unspecified - < 130`
Mozilla	Firefox ESR	affected `unspecified - < 128.2`
Mozilla	Firefox ESR	affected `unspecified - < 115.15`

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1908496

https://www.mozilla.org/security/advisories/mfsa2024-39/

https://www.mozilla.org/security/advisories/mfsa2024-40/

https://www.mozilla.org/security/advisories/mfsa2024-41/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-8383

Description

Affected Products

References