CVE-2024-8386

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 3, 2024
Updated: Sep 6, 2024
CWE ID 601

Summary

CVE-2024-8386 is a vulnerability that can lead to spoofing attacks by allowing Select elements from one site to appear over another if a site has permission to open popup windows. This issue affects versions of Firefox earlier than 130, as well as Firefox ESR versions prior to 128.2, in addition to Thunderbird versions below 128.2. Organizations can mitigate this risk by updating affected products to their latest versions. The vulnerability poses a medium threat level, requiring user interaction and presenting a low impact on integrity and confidentiality. Users are advised to follow remediation steps outlined in Mozilla's security advisories for updated software versions.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share