Search for vulnerabilities
Vulnerability details: VCID-gsat-xard-2uet
Vulnerability ID VCID-gsat-xard-2uet
Aliases CVE-2024-8382
Summary Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8382.json
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00080 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00306 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2024-8382
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2024-8382
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2024-8382
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-39
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-40
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-41
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-43
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-44
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8382.json
https://api.first.org/data/v1/epss?cve=CVE-2024-8382
https://bugzilla.mozilla.org/show_bug.cgi?id=1906744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8382
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://www.mozilla.org/security/advisories/mfsa2024-39/
https://www.mozilla.org/security/advisories/mfsa2024-40/
https://www.mozilla.org/security/advisories/mfsa2024-41/
https://www.mozilla.org/security/advisories/mfsa2024-43/
https://www.mozilla.org/security/advisories/mfsa2024-44/
2309428 https://bugzilla.redhat.com/show_bug.cgi?id=2309428
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
CVE-2024-8382 https://nvd.nist.gov/vuln/detail/CVE-2024-8382
GLSA-202412-04 https://security.gentoo.org/glsa/202412-04
GLSA-202412-06 https://security.gentoo.org/glsa/202412-06
GLSA-202412-13 https://security.gentoo.org/glsa/202412-13
mfsa2024-39 https://www.mozilla.org/en-US/security/advisories/mfsa2024-39
mfsa2024-40 https://www.mozilla.org/en-US/security/advisories/mfsa2024-40
mfsa2024-41 https://www.mozilla.org/en-US/security/advisories/mfsa2024-41
mfsa2024-43 https://www.mozilla.org/en-US/security/advisories/mfsa2024-43
mfsa2024-44 https://www.mozilla.org/en-US/security/advisories/mfsa2024-44
RHSA-2024:6681 https://access.redhat.com/errata/RHSA-2024:6681
RHSA-2024:6682 https://access.redhat.com/errata/RHSA-2024:6682
RHSA-2024:6683 https://access.redhat.com/errata/RHSA-2024:6683
RHSA-2024:6684 https://access.redhat.com/errata/RHSA-2024:6684
RHSA-2024:6719 https://access.redhat.com/errata/RHSA-2024:6719
RHSA-2024:6720 https://access.redhat.com/errata/RHSA-2024:6720
RHSA-2024:6721 https://access.redhat.com/errata/RHSA-2024:6721
RHSA-2024:6722 https://access.redhat.com/errata/RHSA-2024:6722
RHSA-2024:6723 https://access.redhat.com/errata/RHSA-2024:6723
RHSA-2024:6782 https://access.redhat.com/errata/RHSA-2024:6782
RHSA-2024:6786 https://access.redhat.com/errata/RHSA-2024:6786
RHSA-2024:6816 https://access.redhat.com/errata/RHSA-2024:6816
RHSA-2024:6838 https://access.redhat.com/errata/RHSA-2024:6838
RHSA-2024:6839 https://access.redhat.com/errata/RHSA-2024:6839
RHSA-2024:6850 https://access.redhat.com/errata/RHSA-2024:6850
RHSA-2024:6891 https://access.redhat.com/errata/RHSA-2024:6891
RHSA-2024:6892 https://access.redhat.com/errata/RHSA-2024:6892
USN-6992-1 https://usn.ubuntu.com/6992-1/
USN-6995-1 https://usn.ubuntu.com/6995-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8382.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-8382
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-8382
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.35502
EPSS Score 0.00080
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-09-17T19:12:38.061376+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-8382 34.0.1