CVE-2024-8382

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 3, 2024
Updated: Sep 6, 2024

Summary

CVE-2024-8382 is a vulnerability that affects Firefox versions below 130, Firefox ESR versions below 128.2 and 115.15, as well as Thunderbird versions below 128.2 and 115.15. The issue arises from the exposure of internal browser event interfaces to web content when privileged EventHandler listener callbacks are executed, potentially revealing certain browser features used by the user, such as accessing the Developer Tools console. Although web content cannot exploit these interfaces with elevated privileges, the presence of these features poses significant risks to both confidentiality and integrity, with a high severity rating of 8.8 on the CVSS scale. Organizations should remediate this vulnerability by updating affected products to their latest versions to mitigate potential risks associated with unauthorized access or information leakage. For further details and guidance on remediation, users can refer to Mozilla's security advisories linked in their documentation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share