Mozilla Products October 2024 Secondary Security Update Advisory

Overview

 

An update has been released to fix vulnerabilities in the Mozilla family of products (Thunderbird, Firefox ESR, Firefox). Users of affected products are advised to update to the latest version.

 

Affected Products

 

Firefox versions prior to 132

Firefox ESR versions prior to 115.17

Firefox ESR versions prior to 128.4

Thunderbird versions prior to 128.4

Thunderbird versions prior to 132

 

Resolved Vulnerabilities

 

High: use-after-free (UAF) vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2024-10459) [1], [2], [3], [4], [5]

High: permission leak via embed or object elements in Firefox, Firefox ESR, and Thunderbird (CVE-2024-10458) [1], [2], [3], [4], [5]

Moderate: cross-origin video frame leak in Firefox, Firefox ESR, and Thunderbird (CVE-2024-10463) [1], [2], [3], [4], [5]

Moderate: XSS vulnerability in Firefox, Firefox ESR, and Thunderbird caused by Content-Disposition being ignored (CVE-2024-10461) [1], [2], [4], [5]

Moderate: memory safety vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2024-10467) [1], [2], [4], [5]

Moderate: spoofing vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2024-10462) [1], [2], [4], [5]

Moderate: confusing display of the origin in external protocol handler prompts in Firefox, Firefox ESR, and Thunderbird (CVE-2024-10460) [1], [2], [4], [5]

Moderate: race condition vulnerability in IndexedDB in Firefox and Thunderbird (CVE-2024-10468) [1], [5]

 

Vulnerability Patches

 

The following patched versions were made available in the October 29, 2024 update. For more information on the patches, refer to the Mozilla advisories listed under Referenced Sites.

Thunderbird 132

Thunderbird 128.4

Firefox ESR 115.17

Firefox ESR 128.4

Firefox 132
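
The following added example (not part of the original advisory and not Mozilla code) classifies installed versions against the fixed versions listed above, for use when triaging an inventory. The function name, the status labels and the sample lines are hypothetical; the banner format is assumed to be what `firefox --version` and `thunderbird --version` print.

```python
import re

# Fixed versions as listed in the advisory, keyed by (product, branch).
FIXED = {
    ("firefox", "release"): (132,),
    ("firefox", "esr115"): (115, 17),
    ("firefox", "esr128"): (128, 4),
    ("thunderbird", "release"): (132,),
    ("thunderbird", "esr128"): (128, 4),
}

# Assumed banner format: "Mozilla Firefox 115.16.1esr" / "Mozilla Thunderbird 128.3.3".
BANNER = re.compile(r"Mozilla (Firefox|Thunderbird) (\d+(?:\.\d+)*)(esr)?")


def check_version(banner):
    """Classify one version banner against the advisory's fixed versions."""
    m = BANNER.fullmatch(banner.strip())
    if m is None:
        return "unrecognized"  # beta/nightly or foreign strings are not guessed at
    product = m.group(1).lower()
    version = tuple(int(part) for part in m.group(2).split("."))
    major = version[0]
    # Firefox ESR builds carry an "esr" suffix; Thunderbird 128.x is matched by
    # major number because its banner may omit the suffix (assumption).
    if m.group(3) or (product == "thunderbird" and major == 128):
        branch = f"esr{major}"
    else:
        branch = "release"
    fixed = FIXED.get((product, branch))
    if fixed is None:
        return "branch-not-listed"  # e.g. an ESR line the advisory does not cover
    # Pad to equal length so that 132.0 compares equal to 132.
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return "patched" if pad(version) >= pad(fixed) else "needs-update"


# Constructed sample inventory, not taken from real hosts.
SAMPLE = ["Mozilla Firefox 131.0.3", "Mozilla Firefox 128.4.0esr",
          "Mozilla Firefox 128.0.3", "Mozilla Thunderbird 128.3.3"]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{line}: {check_version(line)}")
```

A Firefox 128.x build without the `esr` suffix is a release-channel build and is compared against 132, not 128.4.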

 

Referenced Sites

 

[1] Security Vulnerabilities fixed in Thunderbird 132

https://www.mozilla.org/en-US/security/advisories/mfsa2024-59/

[2] Security Vulnerabilities fixed in Thunderbird 128.4

https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/

[3] Security Vulnerabilities fixed in Firefox ESR 115.17

https://www.mozilla.org/en-US/security/advisories/mfsa2024-57/

[4] Security Vulnerabilities fixed in Firefox ESR 128.4

https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/

[5] Security Vulnerabilities fixed in Firefox 132

https://www.mozilla.org/en-US/security/advisories/mfsa2024-55/

[6] Update Firefox to the latest release

https://support.mozilla.org/ko/kb/update-firefox-latest-release