Main Vulnerability Database Vulnerabilities #VU96736

Exposed dangerous method or function in Mozilla products - CVE-2024-8382

Published: September 3, 2024

Vulnerability identifier: #VU96736

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-8382

CWE-ID: CWE-749

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox
Firefox ESR
Firefox for Android

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to internal browser event interfaces are exposed to web content when privileged EventHandler listener callbacks ran for those events. A remote attacker can indicate usage of certain browser features, such as when a user opens the Dev Tools console.

How to mitigate CVE-2024-8382

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-40/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/

Exposed dangerous method or function in Mozilla products - CVE-2024-8382

Detailed vulnerability description

How to mitigate CVE-2024-8382

Sources

Please verify you're human