Opened 5 months ago

Closed 5 months ago

#20586 closed enhancement (fixed)

firefox-128.4.0

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: elevated Milestone: 12.3
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New minor version.

Change History (4)

comment:1 by Douglas R. Reno, 5 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 5 months ago

Priority: normalelevated

comment:3 by Douglas R. Reno, 5 months ago

Security Fixes:

  • CVE-2024-10458: Permission leak via embed or object elements (High)
  • CVE-2024-10459: Use-after-free in layout with accessibility (High)
  • CVE-2024-10460: Confusing display of origin for external protocol handler prompt (Moderate)
  • CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (Moderate)
  • CVE-2024-10462: Origin of permission prompt could be spoofed by long URL (Moderate)
  • CVE-2024-10463: Cross origin video frame leak (Moderate)
  • CVE-2024-10464: History interface could have been used to cause a Denial of Service condition in the browser (Low)
  • CVE-2024-10465: Clipboard "paste" button persisted across tabs (Low)
  • CVE-2024-10466: DOM push subscription message could hang Firefox (Low)
  • CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 (Moderate)

comment:4 by Douglas R. Reno, 5 months ago

Resolution: fixed
Status: assignedclosed

Fixed at abc56ebd7727d163bb61384de9127ba34727a079

SA-12.2-032 issued

Note: See TracTickets for help on using tickets.