
Multiple Mozilla Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-8399 CVSS:6.5

Mozilla Focus for iOS could allow a remote attacker to conduct spoofing attacks, caused by an error in the handling of JavaScript links. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability to spoof URL addresses in the Focus navigation bar.

CVE-2024-8382 CVSS:6.5

Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the exposure of internal event interfaces to Web content when browser EventHandler listener callbacks ran. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-8384 CVSS:6.5

Mozilla Firefox could allow a remote attacker to bypass security restrictions. The JavaScript garbage collector could mis-color cross-compartment objects if out-of-memory (OOM) conditions were detected at the right point between two passes. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-8388 CVSS:6.5

Mozilla Firefox for Android could allow a remote attacker to conduct spoofing attacks, caused by the obscuring of the notification announcing the transition to fullscreen mode. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the browser UI.

Impact

  • Gain Access
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-8399
  • CVE-2024-8382
  • CVE-2024-8384
  • CVE-2024-8388

Affected Vendors

Mozilla

Affected Products

  • Mozilla Focus for iOS - 129.00
  • Mozilla Firefox - 129.00
  • Mozilla Firefox ESR - 128.1
  • Mozilla Firefox ESR - 115.14

Remediation

Refer to the Mozilla Foundation Security Advisory for each CVE below for patch, upgrade, or suggested workaround information.

CVE-2024-8399

CVE-2024-8382

CVE-2024-8384

CVE-2024-8388