CVE-2024-8386

6.1 MEDIUM

📋 TL;DR

This vulnerability allows malicious websites with popup permissions to overlay select elements on top of legitimate sites, enabling UI spoofing attacks. Attackers could trick users into interacting with fake interface elements. Affects Firefox, Firefox ESR, and Thunderbird users on outdated versions.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
Versions: Firefox < 130, Firefox ESR < 128.2, Thunderbird < 128.2
Operating Systems: All platforms supported by affected browsers
Default Config Vulnerable: ⚠️ Yes
Notes: Requires sites to have popup permissions, which users may have granted previously.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case
Users could be tricked into entering sensitive information into spoofed UI elements, leading to credential theft or unintended actions.

🟠 Likely Case
Phishing attacks where users interact with fake dropdowns or selection elements, potentially revealing information or performing unintended clicks.

🟢 If Mitigated
Limited impact if users are cautious about popups and don't grant unnecessary permissions to untrusted sites.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the user to visit a malicious site that has been granted popup permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 130+, Firefox ESR 128.2+, Thunderbird 128.2+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-39/

Restart Required: Yes

Instructions:

1. Open the browser/mail client.
2. Go to settings/about.
3. Allow automatic update or download the latest version from the official Mozilla site.
4. Restart the application.

🔧 Temporary Workarounds

Revoke popup permissions (Platforms: all)
Remove popup permissions from untrusted or suspicious websites.
In Firefox: Settings > Privacy & Security > Permissions > Pop-ups > Settings

Disable JavaScript for untrusted sites (Platforms: all)
Prevent malicious scripts from executing.
In Firefox: about:config > javascript.enabled = false (not recommended for general use)

🧯 If You Can't Patch

  • Use alternative browser/mail client that is not affected
  • Implement strict popup blocking policies and user training about UI spoofing risks

🔍 How to Verify

Check if Vulnerable:

Check the browser/Thunderbird version in the About dialog

Check Version:

firefox --version or thunderbird --version

Verify Fix Applied:

Confirm version is Firefox 130+, Firefox ESR 128.2+, or Thunderbird 128.2+
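The version check above, as an added POSIX shell example (not part of the advisory): it classifies the output of `firefox --version` or `thunderbird --version` against the fixed releases listed here (Firefox 130, Firefox ESR 128.2, Thunderbird 128.2). The sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether a --version line
# is below the fixed release for CVE-2024-8386.
# Prints "patched", "vulnerable", or "unknown" (unrecognised product/version).
cve_2024_8386_status() {
    line=$1
    case "$line" in
        "Mozilla Firefox "*)     product=firefox ;;
        "Mozilla Thunderbird "*) product=thunderbird ;;
        *) echo unknown; return 0 ;;
    esac
    # Last whitespace-separated field is the version, e.g. "128.1.0esr".
    ver=${line##* }
    esr=no
    case "$ver" in *esr) esr=yes; ver=${ver%esr} ;; esac
    major=${ver%%.*}
    case "$ver" in
        *.*) minor=${ver#*.}; minor=${minor%%.*} ;;
        *)   minor=0 ;;
    esac
    # Refuse to compare anything that is not plain digits.
    case "$major$minor" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    # Threshold per product/channel, taken from the advisory's fix versions.
    if [ "$product" = firefox ] && [ "$esr" = no ]; then
        fix_major=130; fix_minor=0      # Firefox release channel: 130+
    else
        fix_major=128; fix_minor=2      # Firefox ESR and Thunderbird: 128.2+
    fi
    if [ "$major" -gt "$fix_major" ] ||
       { [ "$major" -eq "$fix_major" ] && [ "$minor" -ge "$fix_minor" ]; }; then
        echo patched
    else
        echo vulnerable
    fi
}

# Demo on constructed inputs; replace with "$(firefox --version)" in practice.
for sample in "Mozilla Firefox 129.0.2" "Mozilla Firefox 130.0" \
              "Mozilla Firefox 128.1.0esr" "Mozilla Thunderbird 128.2.0esr"; do
    printf '%-32s %s\n' "$sample" "$(cve_2024_8386_status "$sample")"
done
```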

📡 Detection & Monitoring

Log Indicators:

  • Unusual popup behavior reports from users
  • Security software alerts about UI spoofing

Network Indicators:

  • Connections to known malicious domains with popup permissions

SIEM Query:

Browser events showing popup interactions from untrusted sources

🔗 References
