CVE-2024-8382
First published: Tue Sep 03 2024(Updated: )
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox ESR | <128.2 | 128.2 |
| Mozilla Firefox | <130 | 130 |
| Mozilla Firefox ESR | <115.15 | 115.15 |
| Mozilla Firefox | <130.0 | |
| Mozilla Firefox ESR | <115.15 | |
| Mozilla Firefox ESR | >=128.0<128.2 | |
| Mozilla Thunderbird | <128.2 | 128.2 |
| Mozilla Thunderbird | <115.15 | 115.15 |
| debian/firefox | 131.0.3-1 | |
| debian/firefox-esr | <=115.14.0esr-1~deb11u1<=115.14.0esr-1~deb12u1 | 128.3.1esr-1~deb11u1 128.3.1esr-1~deb12u1 128.3.1esr-2 |
| debian/thunderbird | <=1:115.12.0-1~deb11u1<=1:115.12.0-1~deb12u1 | 1:115.16.0esr-1~deb11u1 1:115.16.0esr-1~deb12u1 1:128.2.0esr-1 1:128.3.0esr-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1906744
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-40/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/
- https://www.mozilla.org/security/advisories/mfsa2024-39/
- https://www.mozilla.org/security/advisories/mfsa2024-40/
- https://www.mozilla.org/security/advisories/mfsa2024-41/
- https://www.mozilla.org/security/advisories/mfsa2024-43/
- https://www.mozilla.org/security/advisories/mfsa2024-44/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8382
- https://nvd.nist.gov/vuln/detail/CVE-2024-8382
- https://launchpad.net/bugs/cve/CVE-2024-8382
- https://security-tracker.debian.org/tracker/CVE-2024-8382
- https://ubuntu.com/security/CVE-2024-8382
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8382
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8382
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8382
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8382
- https://access.redhat.com/errata/RHSA-2024:6682
- https://access.redhat.com/errata/RHSA-2024:6681
- https://access.redhat.com/errata/RHSA-2024:6684
- https://access.redhat.com/errata/RHSA-2024:6683
- https://access.redhat.com/errata/RHSA-2024:6722
- https://access.redhat.com/errata/RHSA-2024:6720
- https://access.redhat.com/errata/RHSA-2024:6723
- https://access.redhat.com/errata/RHSA-2024:6721
- https://access.redhat.com/errata/RHSA-2024:6719
- https://access.redhat.com/errata/RHSA-2024:6816
- https://bugzilla.redhat.com/show_bug.cgi?id=2309428
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- agent/type
- agent/first-publish-date
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/author
- collector/nvd-cve
- source/NVD
- agent/severity
- collector/usn-cve
- source/Ubuntu
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-8382
- agent/references
- collector/launchpad-cve
- source/Launchpad
- agent/description
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- agent/last-modified-date
- agent/weakness
- vendor/mozilla
- canonical/mozilla firefox esr
- canonical/mozilla firefox
- version/mozilla firefox esr/128.0
- canonical/mozilla thunderbird
- package-manager/debian