CVE-2024-9399
published 2024-10-01CVE-2024-9399: A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 131.0-1 (sid) | firefox 131.0-1 (sid) |
| debian | thunderbird | < firefox 131.0-1 (sid) | firefox 131.0-1 (sid) |
| mozilla | firefox | < 128.3.0 | 128.3.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 131.0+build1.1-0ubuntu0.20.04.1 | 131.0+build1.1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 129.0 < 131.0 | 131.0 |
| mozilla | firefox | >= unspecified < 131 | 131 |
| mozilla | firefox_esr | >= unspecified < 128.3 | 128.3 |
| mozilla | thunderbird | < 128.3.0 | 128.3.0 |
| mozilla | thunderbird | >= 0 < 1:128.3.0esr-1 | 1:128.3.0esr-1 |
| mozilla | thunderbird | >= 0 < 1:128.3.0esr-1 | 1:128.3.0esr-1 |
| mozilla | thunderbird | >= 129.0 < 131.0 | 131.0 |
| mozilla | thunderbird | >= unspecified < 128.3 | 128.3 |
| mozilla | thunderbird | >= unspecified < 131 | 131 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv9.8CRITICAL
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2026-02-02
CVE-2025-8031 Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-10-07·CVSS 9.8
CVE-2024-9394 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-9392,
CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400,
CVE-2024-9401, CVE-2024-9402, CVE-2024-9403)
Masato Kinugawa discovered that Firefox did not properly validate
javascript under the "resource://pdf.js" origin. An attacker could
potentially exploit this issue to execute arbitrary javascript code and
access cross-origin PDF content. (CVE-2024-9393)
Masato Kinugawa discovered that Firefox did not properl
Red Hat
firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service
vendor_redhat·2024-10-01·CVSS 7.5
CVE-2024-9399 [HIGH] CWE-754 firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service
firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
The Mozilla Foundation's Security Advisory: A website configured to initiate a specially crafted WebTransport session could crash the Firefox process, leading to a denial of service condition.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 10) - Affected
Package: thunderbird (Red Hat Enterprise Linux 10) - Affected
Packa
Debian
CVE-2024-9399: firefox - A website configured to initiate a specially crafted WebTransport session could ...
vendor_debian·2024·CVSS 7.5
CVE-2024-9399 [HIGH] CVE-2024-9399: firefox - A website configured to initiate a specially crafted WebTransport session could ...
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Scope: local
sid: resolved (fixed in 131.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-50: CVE-2024-9399
vendor_mozilla·CVSS 7.5
CVE-2024-9399 [HIGH] Mozilla Foundation Security Advisory 2024-50: CVE-2024-9399
Mozilla Foundation Security Advisory 2024-50
CVE: CVE-2024-9399
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 131
Mozilla
Mozilla Foundation Security Advisory 2024-47: CVE-2024-9399
vendor_mozilla·CVSS 7.5
CVE-2024-9399 [HIGH] Mozilla Foundation Security Advisory 2024-47: CVE-2024-9399
Mozilla Foundation Security Advisory 2024-47
CVE: CVE-2024-9399
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 128.3
Mozilla
Mozilla Foundation Security Advisory 2024-49: CVE-2024-9399
vendor_mozilla·CVSS 7.5
CVE-2024-9399 [HIGH] Mozilla Foundation Security Advisory 2024-49: CVE-2024-9399
Mozilla Foundation Security Advisory 2024-49
CVE: CVE-2024-9399
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 128.3
Mozilla
Mozilla Foundation Security Advisory 2024-46: CVE-2024-9399
vendor_mozilla·CVSS 7.5
CVE-2024-9399 [HIGH] Mozilla Foundation Security Advisory 2024-46: CVE-2024-9399
Mozilla Foundation Security Advisory 2024-46
CVE: CVE-2024-9399
Product: Firefox
Impact: high
Fixed in: Firefox 131
OSV
firefox vulnerabilities
osv·2024-10-07·CVSS 9.8
CVE-2024-9392 [CRITICAL] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-9392,
CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400,
CVE-2024-9401, CVE-2024-9402, CVE-2024-9403)
Masato Kinugawa discovered that Firefox did not properly validate
javascript under the "resource://pdf.js" origin. An attacker could
potentially exploit this issue to execute arbitrary javascript code and
access cross-origin PDF content. (CVE-2024-9393)
Masato Kinugawa discovered that Firefox did not properly validate
javascript under the "resource://devtools" origin. An
OSV
CVE-2024-9399: A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition
osv·2024-10-01·CVSS 7.5
CVE-2024-9399 [HIGH] CVE-2024-9399: A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
GHSA
GHSA-g76c-5vhc-hqmg: A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition
ghsa_unreviewed·2024-10-01
CVE-2024-9399 [HIGH] CWE-404 GHSA-g76c-5vhc-hqmg: A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-10-01
Published