CVE-2024-8382

{"id": "CVE-2024-8382", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-09-03T13:15:05.630", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1906744", "tags": ["Issue Tracking", "Permissions Required"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-39/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-40/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-41/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-43/", "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-44/", "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15."}, {"lang": "es", "value": "Las interfaces de eventos internos del navegador quedaron expuestas al contenido web cuando se ejecutaban devoluciones de llamadas de escucha de EventHandler privilegiados para esos eventos. El contenido web que intentaba usar esas interfaces no pod\u00eda usarlas con privilegios elevados, pero su presencia indicar\u00eda que se hab\u00edan usado ciertas funciones del navegador, como cuando un usuario abr\u00eda la consola de herramientas de desarrollo. Esta vulnerabilidad afecta a Firefox &lt; 130, Firefox ESR &lt; 128.2 y Firefox ESR &lt; 115.15."}], "lastModified": "2024-09-06T17:15:17.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87E41A09-924E-494F-BDF3-8C17EF330178", "versionEndExcluding": "130.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1208DB6D-68A1-41C1-9C57-7C1C16F32229", "versionEndExcluding": "115.15"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D8B478B-4E42-4B63-B62E-D788C298047D", "versionEndExcluding": "128.2", "versionStartIncluding": "128.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}