U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-8383

Change History

New CVE Received by NIST 9/03/2024 9:15:05 AM

Action Type Old Value New Value
Added Description

								
							
							
						
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
Added Reference

								
							
							
						
Mozilla Corporation https://bugzilla.mozilla.org/show_bug.cgi?id=1908496 [No types assigned]
Added Reference

								
							
							
						
Mozilla Corporation https://www.mozilla.org/security/advisories/mfsa2024-39/ [No types assigned]
Added Reference

								
							
							
						
Mozilla Corporation https://www.mozilla.org/security/advisories/mfsa2024-40/ [No types assigned]
Added Reference

								
							
							
						
Mozilla Corporation https://www.mozilla.org/security/advisories/mfsa2024-41/ [No types assigned]