Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-8382

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.

Published

2024-09-03T13:15:05.630

Last Modified

2025-11-04T17:16:17.240

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-273

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	< 130.0	Yes
Application	mozilla	firefox_esr	< 115.15	Yes
Application	mozilla	firefox_esr	< 128.2	Yes

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1906744 Issue Tracking, Permissions Required ([email protected])
https://www.mozilla.org/security/advisories/mfsa2024-39/ Vendor Advisory ([email protected])
https://www.mozilla.org/security/advisories/mfsa2024-40/ Vendor Advisory ([email protected])
https://www.mozilla.org/security/advisories/mfsa2024-41/ Vendor Advisory ([email protected])
https://www.mozilla.org/security/advisories/mfsa2024-43/ ([email protected])
https://www.mozilla.org/security/advisories/mfsa2024-44/ ([email protected])
https://lists.debian.org/debian-lts-announce/2024/09/msg00012.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/09/msg00025.html (af854a3a-2127-422b-91ae-364da2661108)