CVE-2024-8386
published 2024-09-03
CVE-2024-8386: If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack…
medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 130.0-1 (sid) | firefox 130.0-1 (sid) |
| debian | thunderbird | < firefox 130.0-1 (sid) | firefox 130.0-1 (sid) |
| mozilla | firefox | < 130.0 | 130.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 130.0+build2-0ubuntu0.20.04.1 | 130.0+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 0 < 130.0.1+build1-0ubuntu0.20.04.1 | 130.0.1+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 130 | 130 |
| mozilla | firefox_esr | < 128.2 | 128.2 |
| mozilla | firefox_esr | >= unspecified < 128.2 | 128.2 |
| mozilla | thunderbird | >= 0 < 1:128.2.0esr-1 | 1:128.2.0esr-1 |
| mozilla | thunderbird | >= 0 < 1:128.2.0esr-1 | 1:128.2.0esr-1 |
| mozilla | thunderbird | >= unspecified < 128.2 | 128.2 |
CVSS provenance
nvd · v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv · 9.8 CRITICAL
OSV
firefox regressions
osv·2024-09-23·CVSS 9.8
CVE-2024-8382 [CRITICAL] firefox regressions
USN-6992-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-8382,
CVE-2024-8383, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389)
Nils Bars discovered that Firefox contained a type confusion vulnerability
when performing certain property name lookups. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-8381)
It
OSV
firefox vulnerabilities
osv·2024-09-05·CVSS 9.8
CVE-2024-8382 [CRITICAL] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-8382,
CVE-2024-8383, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389)
Nils Bars discovered that Firefox contained a type confusion vulnerability
when performing certain property name lookups. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-8381)
It was discovered that Firefox did not properly manage memory during
garbage collection. An attacker could potentially exploit this issue to
cause a denial of service, or execute arbitrary
GHSA
GHSA-p34f-6xg6-mcrp: If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing
ghsa_unreviewed·2024-09-03
CVE-2024-8386 [MEDIUM] CWE-290 GHSA-p34f-6xg6-mcrp: If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130 and Firefox ESR < 128.2.
OSV
CVE-2024-8386: If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing
osv·2024-09-03·CVSS 6.1
CVE-2024-8386 [MEDIUM] CVE-2024-8386: If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
Ubuntu
Firefox regressions
vendor_ubuntu·2024-09-23·CVSS 9.8
[CRITICAL] Firefox regressions
Title: Firefox regressions
Summary: USN-6992-1 caused some minor regressions in Firefox.
USN-6992-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-8382,
CVE-2024-8383, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389)
Nils Bars discovered that Firefox contained a type confusion vulnerability
when performing certain property name lookups. An attacker could
potentially exploit this issue to cau
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-09-05·CVSS 9.8
CVE-2024-8385 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-8382,
CVE-2024-8383, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389)
Nils Bars discovered that Firefox contained a type confusion vulnerability
when performing certain property name lookups. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-8381)
It was discovered that Firefox did not properly manage memory during
garbage collection. An attacker could potentially exploi
Red Hat
mozilla: SelectElements could be shown over another site if popups are allowed
vendor_redhat·2024-09-03·CVSS 6.1
CVE-2024-8386 [MEDIUM] CWE-358 mozilla: SelectElements could be shown over another site if popups are allowed
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
The Mozilla Foundation's Security Advisory: If a site had been granted permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope
Debian
CVE-2024-8386: firefox - If a site had been granted the permission to open popup windows, it could cause ...
vendor_debian·2024·CVSS 6.1
CVE-2024-8386 [MEDIUM] CVE-2024-8386: firefox - If a site had been granted the permission to open popup windows, it could cause ...
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
Scope: local
sid: resolved (fixed in 130.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-43: CVE-2024-8386
vendor_mozilla·CVSS 6.1
CVE-2024-8386 [MEDIUM] Mozilla Foundation Security Advisory 2024-43: CVE-2024-8386
Mozilla Foundation Security Advisory 2024-43
CVE: CVE-2024-8386
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 128.2
Mozilla
Mozilla Foundation Security Advisory 2024-40: CVE-2024-8386
vendor_mozilla·CVSS 6.1
CVE-2024-8386 [MEDIUM] Mozilla Foundation Security Advisory 2024-40: CVE-2024-8386
Mozilla Foundation Security Advisory 2024-40
CVE: CVE-2024-8386
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 128.2
Mozilla
Mozilla Foundation Security Advisory 2024-39: CVE-2024-8386
vendor_mozilla·CVSS 6.1
CVE-2024-8386 [MEDIUM] Mozilla Foundation Security Advisory 2024-39: CVE-2024-8386
Mozilla Foundation Security Advisory 2024-39
CVE: CVE-2024-8386
Product: Firefox
Impact: high
Fixed in: Firefox 130
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1907032
https://bugzilla.mozilla.org/show_bug.cgi?id=1909163
https://bugzilla.mozilla.org/show_bug.cgi?id=1909529
https://www.mozilla.org/security/advisories/mfsa2024-39/
https://www.mozilla.org/security/advisories/mfsa2024-40/
https://www.mozilla.org/security/advisories/mfsa2024-43/
2024-09-03
Published