{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T18:15:56.463","vulnerabilities":[{"cve":{"id":"CVE-2024-8383","sourceIdentifier":"security@mozilla.org","published":"2024-09-03T13:15:05.687","lastModified":"2025-11-04T17:16:17.430","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15."},{"lang":"es","value":"Firefox normalmente pide confirmación antes de pedirle al sistema operativo que encuentre una aplicación para manejar un esquema que el navegador no soporta. No preguntó antes de hacerlo para los esquemas relacionados con Usenet news: y snews:. Dado que la mayoría de los sistemas operativos no tienen un lector de noticias confiable instalado de forma predeterminada, un programa sin escrúpulos que el usuario haya descargado podría registrarse como manejador. El sitio web que sirvió la descarga de la aplicación podría entonces iniciar esa aplicación a voluntad. Esta vulnerabilidad afecta a Firefox < 130, Firefox ESR < 128.2 y Firefox ESR < 115.15."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1188"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"130.0","matchCriteriaId":"87E41A09-924E-494F-BDF3-8C17EF330178"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","versionEndExcluding":"115.15","matchCriteriaId":"1208DB6D-68A1-41C1-9C57-7C1C16F32229"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","versionStartIncluding":"128.0","versionEndExcluding":"128.2","matchCriteriaId":"5D8B478B-4E42-4B63-B62E-D788C298047D"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1908496","source":"security@mozilla.org","tags":["Issue Tracking","Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2024-39/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2024-40/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2024-41/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00012.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00025.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}