Vulnerability Description
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 130.0 |
| Mozilla | Firefox ESR | < 115.15 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1906744 (Issue Tracking, Permissions Required)
- https://www.mozilla.org/security/advisories/mfsa2024-39/ (Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2024-40/ (Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2024-41/ (Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2024-43/
- https://www.mozilla.org/security/advisories/mfsa2024-44/
- https://lists.debian.org/debian-lts-announce/2024/09/msg00012.html
- https://lists.debian.org/debian-lts-announce/2024/09/msg00025.html
FAQ
What is CVE-2024-8382?
CVE-2024-8382 is a vulnerability with a CVSS score of 8.8 (HIGH). Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to ...
How severe is CVE-2024-8382?
CVE-2024-8382 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-8382?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Firefox ESR.