Mozilla Foundation Security Advisory 2024-55 Security Vulnerabilities fixed in Firefox 132

Security Advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2024-55/

• CVE-2024-10458: Permission leak via embed or object elements
• CVE-2024-10459: Use-after-free in layout with accessibility
• CVE-2024-10460: Confusing display of origin for external protocol handler prompt
• CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
• CVE-2024-10462: Origin of permission prompt could be spoofed by long URL
• CVE-2024-10463: Cross origin video frame leak
• CVE-2024-10468: Race conditions in IndexedDB
• CVE-2024-10464: History interface could have been used to cause a Denial of Service condition in the browser
• CVE-2024-10465: Clipboard "paste" button persisted across tabs
• CVE-2024-10466: DOM push subscription message could hang Firefox
• CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4