Mozilla Foundation Security Advisory 2024-57
Security Vulnerabilities fixed in Firefox ESR 115.17
- Announced
- October 29, 2024
- Impact
- high
- Products
- Firefox ESR
- Fixed in
-
- Firefox ESR 115.17
#CVE-2024-10458: Permission leak via embed or object elements
- Reporter
- James Lee
- Impact
- high
Description
A permission leak could have occurred from a trusted site to an untrusted site via embed
or object
elements.
References
#CVE-2024-10459: Use-after-free in layout with accessibility
- Reporter
- Tyson Smith
- Impact
- high
Description
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash.
References
#CVE-2024-10463: Cross origin video frame leak
- Reporter
- Karl Tomlinson
- Impact
- moderate
Description
Video frames could have been leaked between origins in some situations.