Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3157-1 advisory.

    - Update to Firefox Extended Support Release 128.2.0 ESR (bsc#1229821)
    - CVE-2024-8381: Type confusion when looking up a property name in a 'with' block
    - CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener     callbacks ran
    - CVE-2024-8383: Firefox did not ask before openings news: links in an external application
    - CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions
    - CVE-2024-8385: WASM type confusion involving ArrayTypes
    - CVE-2024-8386: SelectElements could be shown over another site if popups are allowed
    - CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3152-1 advisory.

    - Update to Firefox Extended Support Release 128.2.0 ESR (bsc#1229821)
    - CVE-2024-8381: Type confusion when looking up a property name in a 'with' block
    - CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener     callbacks ran
    - CVE-2024-8383: Firefox did not ask before openings news: links in an external application
    - CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions
    - CVE-2024-8385: WASM type confusion involving ArrayTypes
    - CVE-2024-8386: SelectElements could be shown over another site if popups are allowed
    - CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9922206495 advisory.

    - New upstream update (130.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 128.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-43 advisory.

  - When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug     leading to a potentially exploitable crash. (CVE-2024-8394)

  - A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an     exploitable type confusion vulnerability. (CVE-2024-8385)

  - A potentially exploitable type confusion could be triggered when looking up a property name on an object     being used as the <code>with</code> environment. (CVE-2024-8381)

  - Internal browser event interfaces were exposed to web content when privileged EventHandler listener     callbacks ran for those events. Web content that tried to use those interfaces would not be able to use     them with elevated privileges, but their presence would indicate certain browser features had been used,     such as when a user opened the Dev Tools console. (CVE-2024-8382)

  - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected     at the right point between two passes. This could have led to memory corruption. (CVE-2024-8384)

  - If a site had been granted the permission to open popup windows, it could cause Select elements to appear     on top of another site to perform a spoofing attack. (CVE-2024-8386)

  - Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-8387)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-43 advisory.

  - When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug     leading to a potentially exploitable crash. (CVE-2024-8394)

  - A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an     exploitable type confusion vulnerability. (CVE-2024-8385)

  - A potentially exploitable type confusion could be triggered when looking up a property name on an object     being used as the <code>with</code> environment. (CVE-2024-8381)

  - Internal browser event interfaces were exposed to web content when privileged EventHandler listener     callbacks ran for those events. Web content that tried to use those interfaces would not be able to use     them with elevated privileges, but their presence would indicate certain browser features had been used,     such as when a user opened the Dev Tools console. (CVE-2024-8382)

  - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected     at the right point between two passes. This could have led to memory corruption. (CVE-2024-8384)

  - If a site had been granted the permission to open popup windows, it could cause Select elements to appear     on top of another site to perform a spoofing attack. (CVE-2024-8386)

  - Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-8387)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-44 advisory.

  - A potentially exploitable type confusion could be triggered when looking up a property name on an object     being used as the <code>with</code> environment. (CVE-2024-8381)

  - Internal browser event interfaces were exposed to web content when privileged EventHandler listener     callbacks ran for those events. Web content that tried to use those interfaces would not be able to use     them with elevated privileges, but their presence would indicate certain browser features had been used,     such as when a user opened the Dev Tools console. (CVE-2024-8382)

  - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected     at the right point between two passes. This could have led to memory corruption. (CVE-2024-8384)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 115.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-44 advisory.

  - A potentially exploitable type confusion could be triggered when looking up a property name on an object     being used as the <code>with</code> environment. (CVE-2024-8381)

  - Internal browser event interfaces were exposed to web content when privileged EventHandler listener     callbacks ran for those events. Web content that tried to use those interfaces would not be able to use     them with elevated privileges, but their presence would indicate certain browser features had been used,     such as when a user opened the Dev Tools console. (CVE-2024-8382)

  - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected     at the right point between two passes. This could have led to memory corruption. (CVE-2024-8384)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a3a1caf5-6ba1-11ef-b9e8-b42e991fc52e advisory.

    security@mozilla.org reports:
    This entry contains 8 vulnerabilities:

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6992-1 advisory.

    Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially     crafted website, an attacker could potentially exploit these to cause a denial of service, obtain     sensitive information across domains, or execute arbitrary code. (CVE-2024-8382, CVE-2024-8383,     CVE-2024-8386, CVE-2024-8387, CVE-2024-8389)

    Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain     property name lookups. An attacker could potentially exploit this issue to cause a denial of service, or     execute arbitrary code. (CVE-2024-8381)

    It was discovered that Firefox did not properly manage memory during garbage collection. An attacker could     potentially exploit this issue to

    cause a denial of service, or execute arbitrary code. (CVE-2024-8384)

    Seunghyun Lee discovered that Firefox contained a type confusion

    vulnerability when handling certain ArrayTypes. An attacker could potentially exploit this issue to cause     a denial of service, or execute arbitrary code. (CVE-2024-8385)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3869 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3869-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/               Emilio Pozuelo Monfort     September 04, 2024                            https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : firefox-esr     Version        : 115.15.0esr-1~deb11u1     CVE ID         : CVE-2024-8381 CVE-2024-8382 CVE-2024-8383 CVE-2024-8384

    Multiple security issues have been found in the Mozilla Firefox web     browser, which could potentially result in the execution of arbitrary     code.

    For Debian 11 bullseye, these problems have been fixed in version     115.15.0esr-1~deb11u1.

    We recommend that you upgrade your firefox-esr packages.

    For the detailed security status of firefox-esr please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/firefox-esr

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5765 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5765-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     September 04, 2024                    https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : firefox-esr     CVE ID         : CVE-2024-8381 CVE-2024-8382 CVE-2024-8383 CVE-2024-8384

    Multiple security issues have been found in the Mozilla Firefox web     browser, which could potentially result in the execution of arbitrary     code.

    For the stable distribution (bookworm), these problems have been fixed in     version 115.15.0esr-1~deb12u1.

    We recommend that you upgrade your firefox-esr packages.

    For the detailed security status of firefox-esr please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/firefox-esr

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-firefox installed on the remote host is prior to 115.15.0esr / 128.2.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-247-01 advisory.

    New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the mozilla-firefox security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-40 advisory.

  - A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an     exploitable type confusion vulnerability. (CVE-2024-8385)

  - A potentially exploitable type confusion could be triggered when looking up a property name on an object     being used as the <code>with</code> environment. (CVE-2024-8381)

  - Internal browser event interfaces were exposed to web content when privileged EventHandler listener     callbacks ran for those events. Web content that tried to use those interfaces would not be able to use     them with elevated privileges, but their presence would indicate certain browser features had been used,     such as when a user opened the Dev Tools console. (CVE-2024-8382)

  - Firefox normally asks for confirmation before asking the operating system to find an application to handle     a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes     news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an     unscrupulous program that the user downloaded could register itself as a handler. The website that served     the application download could then launch that application at will. (CVE-2024-8383)

  - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected     at the right point between two passes. This could have led to memory corruption. (CVE-2024-8384)

  - If a site had been granted the permission to open popup windows, it could cause Select elements to appear     on top of another site to perform a spoofing attack. (CVE-2024-8386)

  - Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-8387)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 128.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-40 advisory.

  - A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an     exploitable type confusion vulnerability. (CVE-2024-8385)

  - A potentially exploitable type confusion could be triggered when looking up a property name on an object     being used as the <code>with</code> environment. (CVE-2024-8381)

  - Internal browser event interfaces were exposed to web content when privileged EventHandler listener     callbacks ran for those events. Web content that tried to use those interfaces would not be able to use     them with elevated privileges, but their presence would indicate certain browser features had been used,     such as when a user opened the Dev Tools console. (CVE-2024-8382)

  - Firefox normally asks for confirmation before asking the operating system to find an application to handle     a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes     news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an     unscrupulous program that the user downloaded could register itself as a handler. The website that served     the application download could then launch that application at will. (CVE-2024-8383)

  - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected     at the right point between two passes. This could have led to memory corruption. (CVE-2024-8384)

  - If a site had been granted the permission to open popup windows, it could cause Select elements to appear     on top of another site to perform a spoofing attack. (CVE-2024-8386)

  - Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-8387)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-41 advisory.

  - A potentially exploitable type confusion could be triggered when looking up a property name on an object     being used as the <code>with</code> environment. (CVE-2024-8381)

  - Internal browser event interfaces were exposed to web content when privileged EventHandler listener     callbacks ran for those events. Web content that tried to use those interfaces would not be able to use     them with elevated privileges, but their presence would indicate certain browser features had been used,     such as when a user opened the Dev Tools console. (CVE-2024-8382)

  - Firefox normally asks for confirmation before asking the operating system to find an application to handle     a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes     news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an     unscrupulous program that the user downloaded could register itself as a handler. The website that served     the application download could then launch that application at will. (CVE-2024-8383)

  - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected     at the right point between two passes. This could have led to memory corruption. (CVE-2024-8384)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 115.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-41 advisory.

  - A potentially exploitable type confusion could be triggered when looking up a property name on an object     being used as the <code>with</code> environment. (CVE-2024-8381)

  - Internal browser event interfaces were exposed to web content when privileged EventHandler listener     callbacks ran for those events. Web content that tried to use those interfaces would not be able to use     them with elevated privileges, but their presence would indicate certain browser features had been used,     such as when a user opened the Dev Tools console. (CVE-2024-8382)

  - Firefox normally asks for confirmation before asking the operating system to find an application to handle     a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes     news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an     unscrupulous program that the user downloaded could register itself as a handler. The website that served     the application download could then launch that application at will. (CVE-2024-8383)

  - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected     at the right point between two passes. This could have led to memory corruption. (CVE-2024-8384)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 130.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-39 advisory.

  - A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an     exploitable type confusion vulnerability. (CVE-2024-8385)

  - A potentially exploitable type confusion could be triggered when looking up a property name on an object     being used as the <code>with</code> environment. (CVE-2024-8381)

  - Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification     announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could     lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing     the visual transition happening behind the prompt. These notifications now use the Android Toast feature.
    This bug only affects Firefox on Android. Other operating systems are unaffected. (CVE-2024-8388)

  - Internal browser event interfaces were exposed to web content when privileged EventHandler listener     callbacks ran for those events. Web content that tried to use those interfaces would not be able to use     them with elevated privileges, but their presence would indicate certain browser features had been used,     such as when a user opened the Dev Tools console. (CVE-2024-8382)

  - Firefox normally asks for confirmation before asking the operating system to find an application to handle     a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes     news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an     unscrupulous program that the user downloaded could register itself as a handler. The website that served     the application download could then launch that application at will. (CVE-2024-8383)

  - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected     at the right point between two passes. This could have led to memory corruption. (CVE-2024-8384)

  - If a site had been granted the permission to open popup windows, it could cause Select elements to appear     on top of another site to perform a spoofing attack. (CVE-2024-8386)

  - Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-8387)

  - Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2024-8389)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 130.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-39 advisory.

  - A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an     exploitable type confusion vulnerability. (CVE-2024-8385)

  - A potentially exploitable type confusion could be triggered when looking up a property name on an object     being used as the <code>with</code> environment. (CVE-2024-8381)

  - Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification     announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could     lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing     the visual transition happening behind the prompt. These notifications now use the Android Toast feature.
    This bug only affects Firefox on Android. Other operating systems are unaffected. (CVE-2024-8388)

  - Internal browser event interfaces were exposed to web content when privileged EventHandler listener     callbacks ran for those events. Web content that tried to use those interfaces would not be able to use     them with elevated privileges, but their presence would indicate certain browser features had been used,     such as when a user opened the Dev Tools console. (CVE-2024-8382)

  - Firefox normally asks for confirmation before asking the operating system to find an application to handle     a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes     news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an     unscrupulous program that the user downloaded could register itself as a handler. The website that served     the application download could then launch that application at will. (CVE-2024-8383)

  - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected     at the right point between two passes. This could have led to memory corruption. (CVE-2024-8384)

  - If a site had been granted the permission to open popup windows, it could cause Select elements to appear     on top of another site to perform a spoofing attack. (CVE-2024-8386)

  - Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-8387)

  - Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2024-8389)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
206757	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:3157-1)	Nessus	SuSE Local Security Checks	critical
206756	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:3152-1)	Nessus	SuSE Local Security Checks	critical
206746	Fedora 40 : firefox (2024-9922206495)	Nessus	Fedora Local Security Checks	critical
206742	Mozilla Thunderbird < 128.2	Nessus	Windows	critical
206741	Mozilla Thunderbird < 128.2	Nessus	MacOS X Local Security Checks	critical
206740	Mozilla Thunderbird < 115.15	Nessus	MacOS X Local Security Checks	critical
206739	Mozilla Thunderbird < 115.15	Nessus	Windows	critical
206696	FreeBSD : firefox -- multiple vulnerabilities (a3a1caf5-6ba1-11ef-b9e8-b42e991fc52e)	Nessus	FreeBSD Local Security Checks	critical
206626	Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6992-1)	Nessus	Ubuntu Local Security Checks	critical
206591	Debian dla-3869 : firefox-esr - security update	Nessus	Debian Local Security Checks	critical
206557	Debian dsa-5765 : firefox-esr - security update	Nessus	Debian Local Security Checks	critical
206484	Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-247-01)	Nessus	Slackware Local Security Checks	critical
206471	Mozilla Firefox ESR < 128.2	Nessus	MacOS X Local Security Checks	critical
206470	Mozilla Firefox ESR < 128.2	Nessus	Windows	critical
206469	Mozilla Firefox ESR < 115.15	Nessus	MacOS X Local Security Checks	critical
206468	Mozilla Firefox ESR < 115.15	Nessus	Windows	critical
206467	Mozilla Firefox < 130.0	Nessus	Windows	critical
206466	Mozilla Firefox < 130.0	Nessus	MacOS X Local Security Checks	critical

Detections

Analytics

CVE-2024-8382

high

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical