{"id":"CVE-2024-9398","details":"By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox \u003c 131, Firefox ESR \u003c 128.3, Thunderbird \u003c 128.3, and Thunderbird \u003c 131.","modified":"2026-03-25T17:59:09.251081Z","published":"2024-10-01T16:15:10.913Z","related":["ALSA-2024:7552","ALSA-2024:7699","ALSA-2024:7700","CGA-h24w-pqjf-rrw3","MGASA-2024-0334","SUSE-SU-2024:3518-1","SUSE-SU-2024:3519-1","SUSE-SU-2024:3603-1","SUSE-SU-2024:3614-1","SUSE-SU-2024:3629-1","openSUSE-SU-2024:14385-1","openSUSE-SU-2024:14394-1","openSUSE-SU-2024:14397-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-50/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-46/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-47/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-49/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1881037"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"131.0"}]},{"events":[{"introduced":"0"},{"fixed":"128.3.0"}]},{"events":[{"introduced":"0"},{"fixed":"128.3"}]},{"events":[{"introduced":"0"},{"last_affected":"129.0-beta"}]},{"events":[{"introduced":"0"},{"last_affected":"129.0-beta2"}]},{"events":[{"introduced":"0"},{"last_affected":"129.0-beta3"}]},{"events":[{"introduced":"0"},{"last_affected":"129.0-beta4"}]},{"events":[{"introduced":"0"},{"last_affected":"129.0-beta5"}]},{"events":[{"introduced":"0"},{"last_affected":"129.0-beta6"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-9398.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}