← Back

CVE-2024-9398

nvd nist
Published: Oct 1, 2024Modified: Mar 18, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

Affected (9)

Mozilla
3 products
Firefox
Firefox Esr
Thunderbird
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Firefox
Before 131.0
Firefox Esr
Before 128.3.0
Mozilla
Thunderbird
Before 128.3
Thunderbird
Version 129.0 beta2
Thunderbird
Version 129.0 beta3
Thunderbird
Version 129.0 beta4
Thunderbird
Version 129.0 beta5
Thunderbird
Version 129.0 beta6
Thunderbird
Version 129.0 beta

Related CWEs

CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (5)

Source: security@mozilla.org
Issue TrackingPermissions Required
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory

Timeline

No history available yet.