CVE-2024-8383
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-8383 is a high-severity vulnerability affecting Firefox versions prior to 130, Firefox ESR versions below 128.2, and Firefox ESR versions under 115.15. The flaw occurs because Firefox does not request user confirmation before asking the operating system to handle Usenet-related schemes (news: and snews:), potentially allowing malicious applications to register themselves as handlers. This could lead to unauthorized execution of downloaded programs without user consent. The risk is a significant integrity impact, with no confidentiality or availability impact. Organizations are advised to update their browsers to the latest versions to mitigate this vulnerability. The exploitability score for this vulnerability is 3.9, indicating low attack complexity with no required user interaction.
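An inventory triage check built from the version thresholds above, as an added example (not vendor or Mozilla code). It assumes version strings in the form printed by `firefox --version`, with an `esr` suffix on ESR builds, and that each ESR threshold applies to its own branch (115.x and 128.x); the host names are constructed.

```python
import re

# Fixed versions as stated in the summary above.
FIXED_RELEASE = (130, 0)
# Assumption: each ESR threshold applies only to its own branch.
FIXED_ESR = {115: (115, 15), 128: (128, 2)}


def parse_version(text):
    """Return ((major, minor), is_esr) for e.g. 'Mozilla Firefox 128.1.0esr'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.\d+)*\s*(esr)?", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"no Firefox version found in {text!r}")
    return (int(m.group(1)), int(m.group(2))), bool(m.group(3))


def is_affected(text):
    """True if the version string falls in a range listed for CVE-2024-8383."""
    version, esr = parse_version(text)
    if version >= FIXED_RELEASE:
        return False  # 130 or later, any channel
    if esr and version[0] in FIXED_ESR:
        # Compare within the branch: 115.15 ESR is fixed even though it
        # sorts below 128.2 and below 130.
        return version < FIXED_ESR[version[0]]
    # Release channel below 130, or an ESR branch with no listed fix.
    return True


def triage(inventory):
    """Return the hosts whose reported Firefox version is affected."""
    return [host for host, reported in inventory if is_affected(reported)]


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 129.0.2"),
    ("ws-02", "Mozilla Firefox 130.0"),
    ("ws-03", "Mozilla Firefox 128.1.0esr"),
    ("ws-04", "Mozilla Firefox 128.2.0esr"),
    ("ws-05", "Mozilla Firefox 115.14.0esr"),
    ("ws-06", "Mozilla Firefox 115.15.0esr"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE):
        print(f"{host}: update required")
```

A single numeric comparison against 130 or 128.2 would misreport patched ESR builds, which is why the check compares within each ESR branch.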