CVE-2024-8383

7.5 HIGH

📋 TL;DR

Firefox versions before 130, 128.2 ESR, and 115.15 ESR automatically launch external applications for news: and snews: schemes without user confirmation. This allows malicious websites to execute untrusted programs that users may have installed, potentially leading to arbitrary code execution. All Firefox users on affected versions are vulnerable.

💻 Affected Systems

Products:
  • Mozilla Firefox
  • Mozilla Firefox ESR
Versions: Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default Firefox configurations. Requires user to have installed an untrusted application that registers as a news: or snews: handler.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Arbitrary code execution with user privileges if a malicious program has been installed and registered as a newsreader handler.

🟠 Likely Case: Execution of unwanted applications that could perform malicious actions like data theft, ransomware deployment, or system compromise.

🟢 If Mitigated: No impact if Firefox is patched or if no untrusted newsreader applications are installed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user to visit a malicious website and have an untrusted newsreader installed. No authentication needed for the web-based trigger.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 130, Firefox ESR 128.2, Firefox ESR 115.15

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-39/

Restart Required: Yes

Instructions:

1. Open Firefox.
2. Click menu → Help → About Firefox.
3. Firefox will check for updates and install if available.
4. Restart Firefox when prompted.

🔧 Temporary Workarounds

Disable news: and snews: scheme handling (applies to: all platforms)

Prevent Firefox from handing news: and snews: URLs to an external application by setting two preferences in about:config:

Set network.protocol-handler.external.news to false
Set network.protocol-handler.external.snews to false

🧯 If You Can't Patch

  • Restrict user installation of untrusted applications through application control policies.
  • Use network filtering to block access to known malicious websites that could exploit this vulnerability.

🔍 How to Verify

Check if Vulnerable:

Check the Firefox version via menu → Help → About Firefox. If the version is below 130 (or ESR below 128.2 / 115.15), the system is vulnerable.

Check Version:

firefox --version

Verify Fix Applied:

After update, confirm version is Firefox 130 or higher, or ESR 128.2/115.15 or higher.
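The version check above and the about:config workaround can both be scripted for fleet audits. The following is an added example, not part of the advisory or any Mozilla tooling: it classifies a `firefox --version` string against the fixed versions named here (130, ESR 128.2, ESR 115.15) and checks a prefs.js or user.js file for the two workaround preferences. It assumes the version string has the form "Mozilla Firefox 115.14.0esr" or "Mozilla Firefox 129.0.2", with ESR builds carrying an "esr" suffix, and that preferences are stored as `user_pref("...", false);` lines.

```shell
#!/bin/sh
# Added example (not from the advisory): audit helpers for CVE-2024-8383.
# Assumption: ESR builds report a version ending in "esr", release builds do not.

# fx_status "<output of firefox --version>"
# Prints "vulnerable", "patched", or "unknown" (string not recognised).
fx_status() {
    ver=$(printf '%s' "$1" | sed -n 's/.*[Ff]irefox \([0-9][0-9.a-z]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    case "$ver" in
        *esr*) esr=1 ;;
        *)     esr=0 ;;
    esac
    major=${ver%%.*}
    # -s drops lines without a "." so a bare "130" yields an empty minor, not "130"
    minor=$(printf '%s' "$ver" | cut -s -d. -f2 | tr -dc '0-9')
    minor=${minor:-0}
    if [ "$esr" -eq 1 ]; then
        # ESR branches: 115.x fixed at 115.15, 128.x fixed at 128.2.
        # Older ESR lines are end-of-life and never received the fix.
        if [ "$major" -ge 129 ]; then
            echo patched
        elif [ "$major" -eq 128 ]; then
            [ "$minor" -ge 2 ] && echo patched || echo vulnerable
        elif [ "$major" -eq 115 ]; then
            [ "$minor" -ge 15 ] && echo patched || echo vulnerable
        else
            echo vulnerable
        fi
    else
        # Release channel: fixed in 130
        [ "$major" -ge 130 ] && echo patched || echo vulnerable
    fi
}

# fx_workaround_applied <prefs.js or user.js>
# Prints "yes" only if BOTH external-handler prefs are explicitly false.
fx_workaround_applied() {
    f=$1
    for scheme in news snews; do
        grep -Eq "^user_pref\(\"network\.protocol-handler\.external\.${scheme}\", ?false\);" "$f" \
            || { echo no; return 0; }
    done
    echo yes
}

# Stand-alone use: report on the locally installed Firefox, if any.
if command -v firefox >/dev/null 2>&1; then
    echo "installed firefox: $(fx_status "$(firefox --version 2>/dev/null)")"
fi
```

Run it against each profile's prefs.js (for example `~/.mozilla/firefox/<profile>/prefs.js` on Linux) to confirm the workaround is in place where patching is delayed; a "yes" from `fx_workaround_applied` together with "patched" from `fx_status` means both controls are present.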

📡 Detection & Monitoring

Log Indicators:

  • Firefox logs showing news: or snews: URL access attempts
  • System logs showing unexpected application launches from browser processes

Network Indicators:

  • HTTP requests to websites containing news: or snews: links in referrer or URL parameters

SIEM Query:

source="firefox.log" AND ("news:" OR "snews:")
