PT-2024-5897 · Mozilla+10 · Firefox+10


Published 2024-09-03 · Updated 2025-07-10 · CVE-2024-8383

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 130
Firefox ESR versions prior to 128.2
Firefox ESR versions prior to 115.15

Description

The issue is related to the browser's handling of certain schemes, specifically the Usenet-related schemes "news:" and "snews:". Normally, Firefox asks for confirmation before opening these schemes, but in this case it did not. This could allow an unscrupulous program to register itself as a handler and be launched by a website at will. The estimated number of potentially affected devices is not specified.

Recommendations

For Firefox versions prior to 130, update to version 130 or later.
For Firefox ESR versions prior to 128.2, update to version 128.2 or later.
For Firefox ESR versions prior to 115.15, update to version 115.15 or later.
As a temporary workaround, consider disabling the handling of "news:" and "snews:" schemes until a patch is available.
Restrict access to custom URL scheme handlers to minimize the risk of exploitation.
Avoid using untrusted newsreaders or applications that may register themselves as handlers for these schemes.
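
To act on the last two recommendations, a defender can list which installed applications have registered for the two schemes. The following is an added example, not part of the advisory or of Mozilla's code: it assumes a Linux desktop that follows the freedesktop.org convention of declaring handlers as `MimeType=x-scheme-handler/<scheme>` in `.desktop` files, and the function names and the sample entries are constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path

SCHEMES = ("news", "snews")  # the two schemes named in the advisory
# Assumption: standard freedesktop.org application directories on Linux.
DEFAULT_DIRS = (Path.home() / ".local/share/applications",
                Path("/usr/local/share/applications"),
                Path("/usr/share/applications"))

def find_scheme_handlers(app_dirs=DEFAULT_DIRS, schemes=SCHEMES):
    """Map each scheme to the (file name, Exec line) of every .desktop entry
    that registers for it via MimeType=x-scheme-handler/<scheme>."""
    found = {s: [] for s in schemes}
    for directory in map(Path, app_dirs):
        if not directory.is_dir():
            continue
        for entry in sorted(directory.glob("*.desktop")):
            parser = configparser.ConfigParser(interpolation=None, strict=False)
            parser.optionxform = str  # .desktop keys are case-sensitive
            try:
                parser.read(entry, encoding="utf-8")
                section = parser["Desktop Entry"]
            except (configparser.Error, KeyError, UnicodeDecodeError):
                continue  # malformed or non-entry file: nothing to report
            mime_types = {m.strip() for m in section.get("MimeType", "").split(";")}
            for scheme in schemes:
                if f"x-scheme-handler/{scheme}" in mime_types:
                    found[scheme].append((entry.name, section.get("Exec", "")))
    return found

def demo():
    """Run the audit over two constructed .desktop files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "example-reader.desktop").write_text(
            "[Desktop Entry]\nName=Example Reader\nExec=/opt/example/reader %u\n"
            "MimeType=x-scheme-handler/news;x-scheme-handler/snews;\n",
            encoding="utf-8")
        Path(tmp, "editor.desktop").write_text(
            "[Desktop Entry]\nName=Editor\nExec=editor %f\nMimeType=text/plain;\n",
            encoding="utf-8")
        return find_scheme_handlers([tmp])

if __name__ == "__main__":
    for scheme, handlers in demo().items():
        for name, exec_line in handlers:
            print(f"{scheme}: {name} -> {exec_line}")
```

Calling `find_scheme_handlers()` with no arguments scans the default directories; any entry it reports that is not a newsreader the user knowingly installed is a candidate for removal.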

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

ALSA-2024:6681
ALSA-2024:6682
ALT-PU-2024-13895
ALT-PU-2024-13898
ALT-PU-2024-15839
ALT-PU-2024-15840
ALT-PU-2025-2672
ALT-PU-2025-8904
BDU:2024-06700
CESA-2024_6682
CVE-2024-8383
DLA-3869-1
DLA-3882-1
DSA-5765-1
DSA-5767-1
INFSA-2024_6681
INFSA-2024_6682
MGASA-2024-0325
MGASA-2024-0332
MGASA-2024-0334
OESA-2024-2139
OESA-2025-1265
OESA-2025-1268
OPENSUSE-SU-2024:14358-1
OPENSUSE-SU-2024:14369-1
OPENSUSE-SU-2024:14572-1
OPENSUSE-SU-2024_3157-1
RHSA-2024:6681
RHSA-2024:6682
RHSA-2024:6838
RHSA-2024:6891
RHSA-2024:6892
RHSA-2024_6681
RHSA-2024_6682
RLSA-2024:6681
RLSA-2024:6682
ROSA-SA-2025-2640
SUSE-SU-2024:3152-1
SUSE-SU-2024:3157-1
USN-6992-1
USN-6992-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Firefox
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu