Severity
Medium
Analysis Summary
CVE-2024-8383 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to ask before openings news: links in an external application. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-8386 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by Select elements appearing on top of another site when popups are allowed. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.
Impact
- Security Bypass
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-8383
- CVE-2024-8386
Affected Vendors
Affected Products
- Mozilla Firefox - 129.00
- Mozilla Firefox ESR - 128.1
- Mozilla Firefox ESR - 115.14
- Mozilla Firefox ESR - 128.0
- Mozilla Firefox - unspecified
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.