CVE-2024-8383

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-1188
View all →

Vulnerability Description

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.

Related Vulnerabilities

CVE-2017-6750

HIGH
CVSS:7.5(High)

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated...

CWE-11882017

CVE-2019-13393

HIGH
CVSS:7.5(High)

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Au...

CWE-11882019

CVE-2019-20470

HIGH
CVSS:7.5(High)

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the wa...

CWE-11882019

CVE-2019-25219

HIGH
CVSS:7.5(High)

Asio C++ Library before 1.13.0 lacks a fallback error code in the case of SSL_ERROR_SYSCALL with no associated error information from the SSL library being used.

CWE-11882019

CVE-2020-11489

HIGH
CVSS:7.5(High)

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SN...

CWE-11882020