CVE-2024-8383 — Initialization of a Resource with an Insecure Default in Mozilla Firefox
Severity
7.5HIGHNVD
OSV9.8
EPSS
0.2%
top 55.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 3
Latest updateSep 23
Description
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vul…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages6 packages
🔴Vulnerability Details
5OSV▶
CVE-2024-8383: Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support↗2024-09-03
CVEList▶
CVE-2024-8383: Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support↗2024-09-03
GHSA▶
GHSA-794f-5gfq-xmmq: Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support↗2024-09-03
📋Vendor Advisories
6Red Hat
▶
Debian▶
CVE-2024-8383: firefox - Firefox normally asks for confirmation before asking the operating system to fin...↗2024