CVE-2024-9399

CVSS 3.x base score: 7.5 HIGH

📋 TL;DR

A denial-of-service vulnerability in Firefox, Firefox ESR, and Thunderbird lets a web page crash the application by opening a specially crafted WebTransport session. The trigger needs only script running in the page, so visiting a malicious site is enough; no further user interaction is required. Mozilla describes the impact as a crash; the fix shipped in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3 and 131.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
Versions: Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, Thunderbird < 131
Operating Systems: Windows, Linux, macOS (all supported platforms; the flaw is in shared Gecko networking code, not in a platform-specific layer)
Default Config Vulnerable: ⚠️ Yes
Notes: All standard configurations are vulnerable. WebTransport has been enabled by default since Firefox 114, so no opt-in is needed. Thunderbird ships the same Gecko code, but scripting is disabled when reading mail, so the flaw is generally not reachable through email content; the risk there is in browser or browser-like contexts.

📦 What is this software?

Firefox is Mozilla's web browser; Firefox ESR is its Extended Support Release, the slower-moving line that enterprises and Linux distributions typically ship. Thunderbird is Mozilla's email and calendar client. All three are built on the same Gecko engine, which is why a bug in Gecko's WebTransport implementation carries across to the mail client.

⚠️ Risk & Real-World Impact

🔴 Worst Case

The browser or mail client crashes outright, losing unsaved work and open sessions. A site that reloads the trigger on every visit can keep the application unusable for as long as it is open.

🟠 Likely Case

A one-off crash: the application must be restarted, and active sessions or unsaved data may be lost. The advisory describes the impact as a crash only; no code execution or data disclosure is claimed.

🟢 If Mitigated

No impact once the fixed versions are deployed. Disabling WebTransport removes the trigger entirely; merely avoiding untrusted websites only lowers exposure, since any site that can run script can open a WebTransport session.

🌐 Internet-Facing: HIGH - Any user browsing the internet with vulnerable versions is exposed to malicious websites.
🏢 Internal Only: MEDIUM - Risk exists if internal applications or compromised internal sites could trigger the vulnerability.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: Not reported (the advisory does not describe in-the-wild exploitation, and the impact is a crash rather than code execution)
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only that the victim load a page on which the attacker can run script; no authentication, privileges, or plugins are needed. The same trigger works in any browser-like context that loads attacker-controlled web content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 131+, Firefox ESR 128.3+, Thunderbird 128.3+, Thunderbird 131+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-46/

Restart Required: Yes

Instructions:

1. Open Firefox or Thunderbird.
2. Open the application menu and choose Help → About Firefox (or About Thunderbird).
3. Let the automatic update check run and install the update.
4. Restart the application when prompted, then confirm the new version in the About dialog.

On Linux distributions that ship Firefox or Thunderbird as packages, update through the package manager instead; the built-in updater is normally disabled in those builds. Managed fleets can deploy the fixed build (Firefox 131 or ESR 128.3.0esr) through their usual software-distribution channel.

🔧 Temporary Workarounds

Disable WebTransport

Applies to: all platforms

Turn off the WebTransport API so a page cannot open the crafted session. In about:config, set network.webtransport.enabled to false; this is the pref that gates the API. Because Firefox's WebTransport runs only over HTTP/3, setting network.http.http3.enable to false also blocks it, but at the cost of disabling HTTP/3 for every site. Either pref can be pushed and locked through the enterprise "Preferences" policy (policies.json or GPO) so that users cannot flip it back.
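The locked-policy form of the about:config workaround above, as an added example (this file is not from the advisory). It assumes the standard Firefox enterprise policy locations: distribution/policies.json inside the installation directory on any platform, or /etc/firefox/policies/policies.json on Linux; the same "Preferences" keys can be set through the ADMX/GPO templates on Windows. Thunderbird reads the same file format from its own distribution directory. "Status": "locked" makes the value read-only in about:config.

```json
{
  "policies": {
    "Preferences": {
      "network.webtransport.enabled": {
        "Value": false,
        "Status": "locked"
      }
    }
  }
}
```

After deploying the file, about:policies in the browser lists the active policy and about:config shows the pref greyed out; if it does not, the file is in the wrong directory or the JSON failed to parse. Swap in network.http.http3.enable if you want the blunter HTTP/3-wide switch instead.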

Use script blockers

Applies to: all platforms

A WebTransport session is opened from page script (new WebTransport(url)), so an extension that blocks JavaScript on untrusted sites (NoScript, or uBlock Origin in medium/hard mode) stops those sites from triggering the crash. Any site that is allowed to run script can still trigger it, so this is a partial control, not a fix.

🧯 If You Can't Patch

  • Disable WebTransport (network.webtransport.enabled = false) through a locked enterprise policy rather than relying on users to restrict their browsing; "trusted sites only" is a guideline, not a control, because any site that runs script can open a session
  • WebTransport rides on HTTP/3, i.e. QUIC over UDP (normally port 443). Blocking outbound UDP/443 at the perimeter stops WebTransport to external hosts, and Firefox falls back to HTTP/2 or HTTP/1.1 over TCP. This does not protect against a malicious or compromised server reachable inside the perimeter, and it disables HTTP/3 for every site
  • Block known malicious domains at the DNS or proxy layer as usual; this catches only the domains you already know about

🔍 How to Verify

Check if Vulnerable:

Open the About dialog (Help → About Firefox / About Thunderbird) or about:support, which shows the Version and the Update Channel (release vs esr). Any version below the fixed ones is vulnerable.

Check Version:

firefox --version
thunderbird --version

Release builds print e.g. "Mozilla Firefox 130.0.1"; ESR builds append the channel, e.g. "Mozilla Firefox 128.2.0esr". On Windows, use the About dialog or the Details tab of the firefox.exe file properties.

Verify Fix Applied:

Confirm the version is at or above the fixed versions: Firefox ≥ 131, Firefox ESR ≥ 128.3, Thunderbird ≥ 128.3 (128 line) or ≥ 131. Note that Firefox 129 and 130 release builds are below 131 and therefore still vulnerable.
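A scripted form of the version check above, added here as an example; it is not from the advisory or from Mozilla. It assumes the version strings are the first line printed by `firefox --version` / `thunderbird --version` in the formats shown in the comments ("Mozilla Firefox 128.2.0esr", "Thunderbird 131.0"); the sample strings in the block are constructed, and the `--live` switch is this script's own convention for checking binaries on PATH.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a Mozilla version string
# against the CVE-2024-9399 fixed versions (Firefox 131, Firefox ESR 128.3,
# Thunderbird 128.3 / 131). Input is the first line printed by
# `firefox --version` or `thunderbird --version`, e.g.
# "Mozilla Firefox 128.2.0esr" or "Thunderbird 131.0".

FIXED_RELEASE_MAJOR=131   # release channel: 131 and later are fixed
FIXED_ESR_MAJOR=128       # ESR / Thunderbird 128 line: 128.3 and later are fixed
FIXED_ESR_MINOR=3

# parse_version STRING -> "MAJOR MINOR"
# Takes the last whitespace-separated field, strips a channel suffix such as
# "esr" or "b3", and splits on dots. Missing parts default to 0.
parse_version() {
    ver=$(printf '%s\n' "$1" | awk '{print $NF}' | sed 's/[^0-9.].*$//')
    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then minor=0; else minor=${rest%%.*}; fi
    printf '%s %s\n' "${major:-0}" "${minor:-0}"
}

# classify STRING -> "patched" | "vulnerable"
# Anything below the fixed versions (including 129/130 release builds, which
# predate 131, and older ESR lines) is reported as vulnerable, matching the
# advisory's "less than" version ranges.
classify() {
    set -- $(parse_version "$1")
    major=$1
    minor=$2
    if [ "$major" -ge "$FIXED_RELEASE_MAJOR" ]; then
        echo patched
    elif [ "$major" -eq "$FIXED_ESR_MAJOR" ] && [ "$minor" -ge "$FIXED_ESR_MINOR" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# check_installed BINARY -> "<version line>: <verdict>" for a binary on PATH
check_installed() {
    if command -v "$1" >/dev/null 2>&1; then
        line=$("$1" --version 2>/dev/null | head -n 1)
        printf '%s: %s\n' "$line" "$(classify "$line")"
    else
        printf '%s: not installed\n' "$1"
    fi
}

# Constructed sample version strings (not output captured from a real host).
for sample in "Mozilla Firefox 128.2.0esr" "Mozilla Firefox 128.3.0esr" \
              "Mozilla Firefox 130.0.1"    "Mozilla Firefox 131.0" \
              "Thunderbird 128.3.0esr"     "Thunderbird 115.15.0"; do
    printf '%-28s %s\n' "$sample" "$(classify "$sample")"
done

# Run with --live to check the binaries actually installed on this host.
if [ "${1:-}" = "--live" ]; then
    check_installed firefox
    check_installed thunderbird
fi
```

The suffix strip matters: a naive numeric compare of "128.2.0esr" fails or misparses, and a major-only compare would mark 129 and 130 as newer than 128.3 and therefore "safe", which they are not. Run it with `--live` on a fleet host, or feed it the version strings your inventory tool already collects.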

📡 Detection & Monitoring

Log Indicators:

  • Application crash records: Windows Event Log "Application Error" events (Event ID 1000) naming firefox.exe or thunderbird.exe; systemd-coredump or kernel segfault messages on Linux; crash reports in the profile's "Crash Reports" folder
  • Unexpected process termination events, especially several for the same user within minutes
  • WebTransport session initiation failures only appear in the browser's developer-level networking logs (MOZ_LOG), which are off by default and not something a SIEM collects; do not plan detection around them

Network Indicators:

  • WebTransport runs inside an HTTP/3 (QUIC, UDP/443) connection and its CONNECT handshake is encrypted, so it cannot be told apart from ordinary HTTP/3 on the wire. What is visible is a QUIC flow to an unfamiliar host shortly before each crash
  • Multiple rapid QUIC connection attempts to the same external host from a client that then crashes repeatedly

SIEM Query:

source="browser_logs" AND (event="crash" OR event="process_termination") AND process_name IN ("firefox", "thunderbird")

The field names above are generic; map them to your schema (for example, Windows EventID=1000 with the faulting application name, or journal lines with SYSLOG_IDENTIFIER=systemd-coredump) and alert on repeated matches for one host within a short window rather than on a single crash, which is ordinary browser noise.
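The "repeated crashes in a short window" logic from the query above, run over journal lines, as an added example (not from the page). It assumes the systemd-coredump message format "Process <pid> (<name>) of user <uid> dumped core." and the default journalctl short output with the time in the third field; the sample journal is constructed, including the hex addresses, and the threshold and window values are arbitrary starting points.

```shell
#!/bin/sh
# Added example, not from the advisory: flag crash bursts of firefox or
# thunderbird in systemd journal output. A crashed Gecko process shows up as
#   "... systemd-coredump[pid]: Process <pid> (<name>) of user <uid> dumped core."
# One crash is noise; several within a few minutes is the pattern a page that
# repeatedly triggers a DoS bug would leave. On a live host:
#   journalctl -o short -t systemd-coredump --since -1h | detect_crash_bursts 3 600

# detect_crash_bursts THRESHOLD WINDOW_SECONDS
# Reads journal lines on stdin and prints "<process> <crashes>" for each
# process with at least THRESHOLD core dumps inside any WINDOW_SECONDS span.
# Timestamps come from the journal's HH:MM:SS field; the date is ignored, so
# a window that straddles midnight would be missed (acceptable for an hourly run).
detect_crash_bursts() {
    awk -v thr="$1" -v win="$2" '
    match($0, /Process [0-9]+ \((firefox|thunderbird)\) of user [0-9]+ dumped core/) {
        proc = substr($0, RSTART, RLENGTH)
        sub(/^Process [0-9]+ \(/, "", proc)      # drop "Process 4123 ("
        sub(/\).*$/, "", proc)                   # drop ") of user ... dumped core"
        split($3, t, ":")
        secs = t[1] * 3600 + t[2] * 60 + t[3]
        n[proc]++
        ts[proc, n[proc]] = secs                 # arrival order == time order
    }
    END {
        for (p in n) {
            # sliding window: from each crash, count those within win seconds
            for (i = 1; i <= n[p]; i++) {
                c = 0
                for (j = i; j <= n[p] && ts[p, j] - ts[p, i] <= win; j++) c++
                if (c >= thr) { printf "%s %d\n", p, c; break }
            }
        }
    }'
}

# Constructed journal lines (not captured from a real host): three firefox
# core dumps within two minutes, one thunderbird dump, one unrelated process.
SAMPLE_JOURNAL=$(cat <<'EOF'
Oct 01 10:02:11 ws01 kernel: firefox[4123]: segfault at 0 ip 00007f1c2a3b4c5d sp 00007ffd0e1f2a30 error 4 in libxul.so[7f1c28000000+7a00000]
Oct 01 10:02:12 ws01 systemd-coredump[4130]: Process 4123 (firefox) of user 1000 dumped core.
Oct 01 10:03:40 ws01 systemd-coredump[4201]: Process 4190 (firefox) of user 1000 dumped core.
Oct 01 10:04:05 ws01 systemd-coredump[4250]: Process 4240 (firefox) of user 1000 dumped core.
Oct 01 11:30:00 ws01 systemd-coredump[5001]: Process 4990 (thunderbird) of user 1000 dumped core.
Oct 01 12:00:00 ws01 systemd-coredump[6001]: Process 5990 (gnome-shell) of user 1000 dumped core.
EOF
)

# Three crashes in ten minutes: prints "firefox 3". The single thunderbird
# crash and the non-Mozilla process are ignored.
printf '%s\n' "$SAMPLE_JOURNAL" | detect_crash_bursts 3 600
```

The kernel segfault line is deliberately left unmatched: it and the coredump line describe the same crash, and counting both would double every event. If your hosts do not run systemd-coredump, match the kernel "segfault" line instead and adjust the regex accordingly.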

🔗 References

  • Mozilla Foundation Security Advisory 2024-46 (Firefox 131): https://www.mozilla.org/security/advisories/mfsa2024-46/
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-9399