Mozilla Foundation Security Advisory 2024-57

Security Vulnerabilities fixed in Firefox ESR 115.17

Announced

October 29, 2024

Impact

high

Products

Firefox ESR

Fixed in

Firefox ESR 115.17

#CVE-2024-10458: Permission leak via embed or object elements

Reporter: James Lee
Impact: high

Description

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements.

References

Bug 1921733

#CVE-2024-10459: Use-after-free in layout with accessibility

Reporter: Tyson Smith
Impact: high

Description

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash.

References

Bug 1919087

#CVE-2024-10463: Cross origin video frame leak

Reporter: Karl Tomlinson
Impact: moderate

Description

Video frames could have been leaked between origins in some situations.

References

Bug 1920800

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2024-57

Security Vulnerabilities fixed in Firefox ESR 115.17

#CVE-2024-10458: Permission leak via embed or object elements

Description

References

#CVE-2024-10459: Use-after-free in layout with accessibility

Description

References

#CVE-2024-10463: Cross origin video frame leak

Description

References