2315952 – (CVE-2024-9398) CVE-2024-9398 firefox: thunderbird: External protocol handlers could be enumerated via popups

Bug 2315952 (CVE-2024-9398) - CVE-2024-9398 firefox: thunderbird: External protocol handlers could be enumerated via popups

Summary: CVE-2024-9398 firefox: thunderbird: External protocol handlers could be enume...

Keywords:
Status:	NEW
Alias:	CVE-2024-9398
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-10-01 16:02 UTC by OSIDB Bzimport
Modified:	2024-10-16 06:37 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:7552	None	None	None	2024-10-02 18:38:29 UTC
Red Hat Product Errata	RHSA-2024:7621	None	None	None	2024-10-03 11:17:22 UTC
Red Hat Product Errata	RHSA-2024:7622	None	None	None	2024-10-03 11:24:47 UTC
Red Hat Product Errata	RHSA-2024:7646	None	None	None	2024-10-03 18:16:13 UTC
Red Hat Product Errata	RHSA-2024:7699	None	None	None	2024-10-07 01:22:36 UTC
Red Hat Product Errata	RHSA-2024:7700	None	None	None	2024-10-07 01:33:21 UTC
Red Hat Product Errata	RHSA-2024:7702	None	None	None	2024-10-07 01:19:23 UTC
Red Hat Product Errata	RHSA-2024:7703	None	None	None	2024-10-07 01:16:53 UTC
Red Hat Product Errata	RHSA-2024:7704	None	None	None	2024-10-07 01:19:04 UTC
Red Hat Product Errata	RHSA-2024:7842	None	None	None	2024-10-09 09:06:38 UTC
Red Hat Product Errata	RHSA-2024:7853	None	None	None	2024-10-09 11:38:34 UTC
Red Hat Product Errata	RHSA-2024:7854	None	None	None	2024-10-09 12:03:08 UTC
Red Hat Product Errata	RHSA-2024:7855	None	None	None	2024-10-09 11:31:38 UTC
Red Hat Product Errata	RHSA-2024:7856	None	None	None	2024-10-09 12:02:33 UTC
Red Hat Product Errata	RHSA-2024:8166	None	None	None	2024-10-16 06:37:14 UTC
Red Hat Product Errata	RHSA-2024:8169	None	None	None	2024-10-16 06:34:01 UTC

Description OSIDB Bzimport 2024-10-01 16:02:23 UTC

By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

Comment 1 errata-xmlrpc 2024-10-02 18:38:28 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:7552 https://access.redhat.com/errata/RHSA-2024:7552

Comment 2 errata-xmlrpc 2024-10-03 11:17:21 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:7621 https://access.redhat.com/errata/RHSA-2024:7621

Comment 3 errata-xmlrpc 2024-10-03 11:24:46 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7622 https://access.redhat.com/errata/RHSA-2024:7622

Comment 4 errata-xmlrpc 2024-10-03 18:16:12 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:7646 https://access.redhat.com/errata/RHSA-2024:7646

Comment 5 errata-xmlrpc 2024-10-07 01:16:52 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:7703 https://access.redhat.com/errata/RHSA-2024:7703

Comment 6 errata-xmlrpc 2024-10-07 01:19:03 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:7704 https://access.redhat.com/errata/RHSA-2024:7704

Comment 7 errata-xmlrpc 2024-10-07 01:19:22 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:7702 https://access.redhat.com/errata/RHSA-2024:7702

Comment 8 errata-xmlrpc 2024-10-07 01:22:35 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7699 https://access.redhat.com/errata/RHSA-2024:7699

Comment 9 errata-xmlrpc 2024-10-07 01:33:20 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7700 https://access.redhat.com/errata/RHSA-2024:7700

Comment 10 errata-xmlrpc 2024-10-09 09:06:37 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:7842 https://access.redhat.com/errata/RHSA-2024:7842

Comment 11 errata-xmlrpc 2024-10-09 11:31:37 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:7855 https://access.redhat.com/errata/RHSA-2024:7855

Comment 12 errata-xmlrpc 2024-10-09 11:38:33 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7853 https://access.redhat.com/errata/RHSA-2024:7853

Comment 13 errata-xmlrpc 2024-10-09 12:02:32 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:7856 https://access.redhat.com/errata/RHSA-2024:7856

Comment 14 errata-xmlrpc 2024-10-09 12:03:07 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:7854 https://access.redhat.com/errata/RHSA-2024:7854

Comment 15 errata-xmlrpc 2024-10-16 06:34:00 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:8169 https://access.redhat.com/errata/RHSA-2024:8169

Comment 16 errata-xmlrpc 2024-10-16 06:37:13 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:8166 https://access.redhat.com/errata/RHSA-2024:8166

Note You need to log in before you can comment on or make changes to this bug.