{"uuid": "182792b2-c649-42b2-8ec1-3ec1cf492060", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "Security Vulnerabilities fixed in Firefox 132", "description": "\nMozilla Foundation Security Advisory 2024-55\nSecurity Vulnerabilities fixed in Firefox 132\n\nSecurity Advisory:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-55/\n\n\n* CVE-2024-10458: Permission leak via embed or object elements\n* CVE-2024-10459: Use-after-free in layout with accessibility\n* CVE-2024-10460: Confusing display of origin for external protocol handler prompt\n* CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response\n* CVE-2024-10462: Origin of permission prompt could be spoofed by long URL\n* CVE-2024-10463: Cross origin video frame leak\n* CVE-2024-10468: Race conditions in IndexedDB\n* CVE-2024-10464: History interface could have been used to cause a Denial of Service condition in the browser\n* CVE-2024-10465: Clipboard \"paste\" button persisted across tabs\n* CVE-2024-10466: DOM push subscription message could hang Firefox\n* CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4\n", "creation_timestamp": "2024-10-29T21:37:34.943766+00:00", "timestamp": "2024-10-29T21:39:51.049101+00:00", "related_vulnerabilities": ["CVE-2024-10467", "CVE-2024-10465", "CVE-2024-10461", "CVE-2024-10464", "CVE-2024-10459", "CVE-2024-10462", "CVE-2024-10460", "CVE-2024-10458", "CVE-2024-10466", "CVE-2024-10463", "CVE-2024-10468"], "meta": [{"refs": ["https://www.mozilla.org/en-US/security/advisories/mfsa2024-55/"]}], "author": {"login": "cedric", "name": "C\u00e9dric Bonhomme", "uuid": "af0120d0-3dac-4a6a-974b-a9f33d2a9846"}}