Unrated severityNVD Advisory· Published Oct 1, 2024· Updated Mar 18, 2025
CVE-2024-9398
CVE-2024-9398
Description
By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
39< 128.3+ 3 more
- (no CPE)range: < 128.3
- (no CPE)range: < 131
- (no CPE)range: unspecified
- (no CPE)range: unspecified
< 128.3 OR < 131+ 1 more
- (no CPE)range: < 128.3 OR < 131
- (no CPE)range: unspecified
- osv-coords33 versionspkg:apk/chainguard/firefoxpkg:apk/chainguard/firefox-esrpkg:apk/wolfi/firefoxpkg:rpm/almalinux/firefoxpkg:rpm/almalinux/thunderbirdpkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/mozjs128&distro=openSUSE%20Tumbleweedpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
< 136.0.2-r0+ 32 more
- (no CPE)range: < 136.0.2-r0
- (no CPE)range: < 128.3.0-r0
- (no CPE)range: < 136.0.2-r0
- (no CPE)range: < 128.3.0-1.el8_10.alma.1
- (no CPE)range: < 128.3.0-1.el9_4.alma.1
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 131.0-1.1
- (no CPE)range: < 128.3.0-150200.8.182.1
- (no CPE)range: < 128.3.0-150200.8.182.1
- (no CPE)range: < 128.3.1-1.1
- (no CPE)range: < 128.3.1-1.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 128.3.0-112.228.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 128.3.0-112.228.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 128.3.0-150200.152.152.1
- (no CPE)range: < 128.3.0-112.228.1
- (no CPE)range: < 128.3.0-150200.8.182.1
- (no CPE)range: < 128.3.0-150200.8.182.1
- (no CPE)range: < 128.3.0-150200.8.182.1
- (no CPE)range: < 128.3.0-150200.8.182.1
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.