CVE-2024-8382

NameCVE-2024-8382
DescriptionInternal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3869-1, DLA-3882-1, DSA-5765-1, DSA-5767-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
firefox (PTS)sid133.0.3-1fixed
firefox-esr (PTS)jessie, jessie (lts)68.9.0esr-1~deb8u2vulnerable
stretch (security), stretch (lts), stretch91.11.0esr-1~deb9u1vulnerable
buster (security), buster, buster (lts)115.12.0esr-1~deb10u1vulnerable
bullseye115.14.0esr-1~deb11u1vulnerable
bullseye (security)128.5.0esr-1~deb11u1fixed
bookworm128.3.1esr-1~deb12u1fixed
bookworm (security)128.5.0esr-1~deb12u1fixed
trixie128.5.0esr-1fixed
sid128.5.1esr-1fixed
thunderbird (PTS)jessie, jessie (lts)1:68.9.0-1~deb8u2vulnerable
stretch (security), stretch (lts), stretch1:91.10.0-1~deb9u1vulnerable
buster (security), buster, buster (lts)1:115.12.0-1~deb10u1vulnerable
bullseye1:115.12.0-1~deb11u1vulnerable
bullseye (security)1:128.5.0esr-1~deb11u1fixed
bookworm1:115.16.0esr-1~deb12u1fixed
bookworm (security)1:128.5.0esr-1~deb12u1fixed
sid, trixie1:128.5.2esr-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefoxsource(unstable)130.0-1
firefox-esrsourcejessie(unfixed)end-of-life
firefox-esrsourcestretch(unfixed)end-of-life
firefox-esrsourcebuster(unfixed)end-of-life
firefox-esrsourcebullseye115.15.0esr-1~deb11u1DLA-3869-1
firefox-esrsourcebookworm115.15.0esr-1~deb12u1DSA-5765-1
firefox-esrsource(unstable)115.15.0esr-1
thunderbirdsourcejessie(unfixed)end-of-life
thunderbirdsourcestretch(unfixed)end-of-life
thunderbirdsourcebuster(unfixed)end-of-life
thunderbirdsourcebullseye1:115.15.0-1~deb11u1DLA-3882-1
thunderbirdsourcebookworm1:115.15.0-1~deb12u1DSA-5767-1
thunderbirdsource(unstable)1:128.2.0esr-1

Notes

https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8382
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8382
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8382
https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8382

Search for package or bug name: Reporting problems