1. Home
  2. Vulnerabilities
  3. CVE-2024-8382

CVE-2024-8382

CVSS v3.1 8.8 (High)
88% Progress
EPSS 0.08 % (35th)
0.08% Progress
Affected Products 2
Advisories 13
NVD Status Modified
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
NVD Status
Modified
CNA
Mozilla Corporation
Published Date
2024-09-03 13:15:05
(13 days ago)
Updated Date
2024-09-06 17:15:17
(10 days ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 130.0 version cpe:2.3:a:mozilla:firefox < 130.0
  Mozilla Firefox Esr prior 115.15 version cpe:2.3:a:mozilla:firefox_esr < 115.15
  Mozilla Firefox Esr from 128.0 version and prior 128.2 version cpe:2.3:a:mozilla:firefox_esr >= 128.0 < 128.2