What is the severity of CVE-2024-8383?

CVE-2024-8383 has a moderate severity rating due to potential exposure to untrusted applications handling Usenet-related schemes.

How do I fix CVE-2024-8383?

To fix CVE-2024-8383, update Firefox or Thunderbird to the latest recommended versions: for Firefox to 130.0 or higher and for Thunderbird to 128.2 or higher.

Which versions of Firefox are affected by CVE-2024-8383?

Versions of Firefox earlier than 130.0 and versions of Firefox ESR earlier than 115.15 are affected by CVE-2024-8383.

Which versions of Thunderbird are impacted by CVE-2024-8383?

Thunderbird versions prior to 128.2 are impacted by CVE-2024-8383.

What actions are recommended for users regarding CVE-2024-8383?

Users should immediately update their affected versions of Firefox or Thunderbird to mitigate CVE-2024-8383.

Vulnerability/
CVE-2024-8383

high

7.5

CWE

1188

EPSS

0.054%

3/9/2024

13/1/2025

CVE-2024-8383

First published: Tue Sep 03 2024(Updated: )

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.

Credit: security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
debian/firefox		131.0.2-2
debian/firefox-esr	<=115.14.0esr-1~deb11u1<=115.14.0esr-1~deb12u1	128.3.1esr-1~deb11u1 128.3.1esr-1~deb12u1 128.3.0esr-2 128.3.1esr-2
debian/thunderbird	<=1:115.12.0-1~deb11u1<=1:115.12.0-1~deb12u1	1:115.15.0-1~deb11u1 1:115.15.0-1~deb12u1
Thunderbird	<128.2	128.2
Thunderbird	<115.15	115.15
Firefox	<130	130
Firefox	<130.0
Firefox ESR	<115.15
Firefox ESR	>=128.0<128.2
Firefox ESR	<115.15	115.15
Firefox ESR	<128.2	128.2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2024-8383?
CVE-2024-8383 has a moderate severity rating due to potential exposure to untrusted applications handling Usenet-related schemes.
How do I fix CVE-2024-8383?
To fix CVE-2024-8383, update Firefox or Thunderbird to the latest recommended versions: for Firefox to 130.0 or higher and for Thunderbird to 128.2 or higher.
Which versions of Firefox are affected by CVE-2024-8383?
Versions of Firefox earlier than 130.0 and versions of Firefox ESR earlier than 115.15 are affected by CVE-2024-8383.
Which versions of Thunderbird are impacted by CVE-2024-8383?
Thunderbird versions prior to 128.2 are impacted by CVE-2024-8383.
What actions are recommended for users regarding CVE-2024-8383?
Users should immediately update their affected versions of Firefox or Thunderbird to mitigate CVE-2024-8383.

agent/type
agent/first-publish-date
agent/author
agent/severity
collector/usn-cve
source/Ubuntu
agent/description
agent/event
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/weakness
collector/mitre-cve
source/MITRE
collector/epss-latest
source/FIRST
agent/epss
agent/trending
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-8383
agent/last-modified-date
agent/references
agent/source
collector/mozilla-advisory
source/Mozilla
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
collector/nvd-cve
package-manager/debian
vendor/mozilla
canonical/thunderbird
canonical/firefox
canonical/firefox esr
version/firefox esr/128.0