security@mozilla.org reports:
This entry contains 8 vulnerabilities:
- CVE-2024-8381: A potentially exploitable type
confusion could be triggered when looking up a property
name on an object being used as the `with` environment.
- CVE-2024-8382: Internal browser event interfaces were
exposed to web content when privileged EventHandler listener
callbacks ran for those events. Web content that tried to
use those interfaces would not be able to use them with
elevated privileges, but their presence would indicate
certain browser features had been used, such as when a user
opened the Dev Tools console.
- CVE-2024-8383: Firefox normally asks for confirmation
before asking the operating system to find an application to
handle a scheme that the browser does not support. It did not
ask before doing so for the Usenet-related schemes news: and
snews:. Since most operating systems don't have a
trusted newsreader installed by default, an unscrupulous
program that the user downloaded could register itself as a
handler. The website that served the application download
could then launch that application at will.
- CVE-2024-8384: The JavaScript garbage collector could
mis-color cross-compartment objects if OOM conditions were
detected at the right point between two passes. This could have
led to memory corruption.
- CVE-2024-8385: A difference in the handling of
StructFields and ArrayTypes in WASM could be used to trigger
an exploitable type confusion vulnerability.
- CVE-2024-8386: If a site had been granted the permission
to open popup windows, it could cause Select elements to
appear on top of another site to perform a spoofing attack.
- CVE-2024-8387: Memory safety bugs present in Firefox 129,
Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs
showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run
arbitrary code.
- CVE-2024-8389: Memory safety bugs present in Firefox 129.
Some of these bugs showed evidence of memory corruption and we
presume that with enough effort some of these could have been
exploited to run arbitrary code.