2309428 – (CVE-2024-8382) CVE-2024-8382 mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran

Bug 2309428 (CVE-2024-8382) - CVE-2024-8382 mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran

Summary: CVE-2024-8382 mozilla: Internal event interfaces were exposed to web content ...

Keywords:
Status:	NEW
Alias:	CVE-2024-8382
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-09-03 13:20 UTC by OSIDB Bzimport
Modified:	2025-01-13 10:23 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:6681	None	None	None	2024-09-16 12:13:34 UTC
Red Hat Product Errata	RHSA-2024:6682	None	None	None	2024-09-16 12:05:21 UTC
Red Hat Product Errata	RHSA-2024:6683	None	None	None	2024-09-16 12:18:51 UTC
Red Hat Product Errata	RHSA-2024:6684	None	None	None	2024-09-16 12:15:40 UTC
Red Hat Product Errata	RHSA-2024:6719	None	None	None	2024-09-17 11:26:32 UTC
Red Hat Product Errata	RHSA-2024:6720	None	None	None	2024-09-17 11:22:28 UTC
Red Hat Product Errata	RHSA-2024:6721	None	None	None	2024-09-17 11:25:18 UTC
Red Hat Product Errata	RHSA-2024:6722	None	None	None	2024-09-17 11:20:51 UTC
Red Hat Product Errata	RHSA-2024:6723	None	None	None	2024-09-17 11:24:55 UTC
Red Hat Product Errata	RHSA-2024:6816	None	None	None	2024-09-19 06:47:02 UTC
Red Hat Product Errata	RHSA-2024:6838	None	None	None	2025-01-13 10:23:14 UTC

Description OSIDB Bzimport 2024-09-03 13:20:35 UTC

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.

Comment 1 errata-xmlrpc 2024-09-16 12:05:20 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:6682 https://access.redhat.com/errata/RHSA-2024:6682

Comment 2 errata-xmlrpc 2024-09-16 12:13:33 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6681 https://access.redhat.com/errata/RHSA-2024:6681

Comment 3 errata-xmlrpc 2024-09-16 12:15:39 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:6684 https://access.redhat.com/errata/RHSA-2024:6684

Comment 4 errata-xmlrpc 2024-09-16 12:18:50 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6683 https://access.redhat.com/errata/RHSA-2024:6683

Comment 5 errata-xmlrpc 2024-09-17 11:20:49 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:6722 https://access.redhat.com/errata/RHSA-2024:6722

Comment 6 errata-xmlrpc 2024-09-17 11:22:27 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:6720 https://access.redhat.com/errata/RHSA-2024:6720

Comment 7 errata-xmlrpc 2024-09-17 11:24:54 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:6723 https://access.redhat.com/errata/RHSA-2024:6723

Comment 8 errata-xmlrpc 2024-09-17 11:25:17 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:6721 https://access.redhat.com/errata/RHSA-2024:6721

Comment 9 errata-xmlrpc 2024-09-17 11:26:31 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:6719 https://access.redhat.com/errata/RHSA-2024:6719

Comment 10 errata-xmlrpc 2024-09-19 06:47:01 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:6816 https://access.redhat.com/errata/RHSA-2024:6816

Comment 11 errata-xmlrpc 2025-01-13 10:23:13 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:6838 https://access.redhat.com/errata/RHSA-2024:6838

Note You need to log in before you can comment on or make changes to this bug.