Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2024-57

Security Vulnerabilities fixed in Firefox ESR 115.17

Announced
October 29, 2024
Impact
high
Products
Firefox ESR
Fixed in
  • Firefox ESR 115.17

#CVE-2024-10458: Permission leak via embed or object elements

Reporter
James Lee
Impact
high
Description

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements.

References

#CVE-2024-10459: Use-after-free in layout with accessibility

Reporter
Tyson Smith
Impact
high
Description

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash.

References

#CVE-2024-10463: Cross origin video frame leak

Reporter
Karl Tomlinson
Impact
moderate
Description

Video frames could have been leaked between origins in some situations.

References