CVE-2024-9398 Information

Description

By checking the result of calls to window.open with specifically set protocol handlers an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131 Firefox ESR < 128.3 Thunderbird < 128.3 and Thunderbird < 131.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1881037 https://www.mozilla.org/security/advisories/mfsa2024-46/ https://www.mozilla.org/security/advisories/mfsa2024-47/ https://www.mozilla.org/security/advisories/mfsa2024-49/ https://www.mozilla.org/security/advisories/mfsa2024-50/