Mozilla Foundation Security Advisory 2024-57

Security Vulnerabilities fixed in Firefox ESR 115.17

Announced

October 29, 2024

Impact

high

Products

Firefox ESR

Fixed in

Firefox ESR 115.17

#CVE-2024-10458: Permission leak via embed or object elements

Reporter: James Lee
Impact: high

Description

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements.

References

Bug 1921733

#CVE-2024-10459: Use-after-free in layout with accessibility

Reporter: Tyson Smith
Impact: high

Description

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash.

References

Bug 1919087

#CVE-2024-10463: Cross origin video frame leak

Reporter: Karl Tomlinson
Impact: moderate

Description

Video frames could have been leaked between origins in some situations.

References

Bug 1920800

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Innovation Projects

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising

Mozilla Foundation Security Advisory 2024-57

Security Vulnerabilities fixed in Firefox ESR 115.17

#CVE-2024-10458: Permission leak via embed or object elements

Description

References

#CVE-2024-10459: Use-after-free in layout with accessibility

Description

References

#CVE-2024-10463: Cross origin video frame leak

Description

References