Advisories for Firefox & Thunderbird 132, ESR 128.4, ESR 115.17

* Add Advisories for 132

* Add CVEs

* Add advisories for Thunderbird 132

---------

Co-authored-by: Tom Ritter <tom@ritter.vg>

announce/2024/mfsa2024-55.yml

@@ -0,0 +1,96 @@
+## mfsa2024-55.yml
+announced: Oct 29, 2024
+impact: high
+fixed_in:
+- Firefox 132
+title: Security Vulnerabilities fixed in Firefox 132
+advisories:
+  CVE-2024-10458:
+    title: Permission leak via embed or object elements
+    impact: high
+    reporter: James Lee
+    description: |
+      A permission leak could have occurred from a trusted site to an untrusted site via <code>embed</code> or <code>object</code> elements.
+    bugs:
+      - url: 1921733
+  CVE-2024-10459:
+    title: Use-after-free in layout with accessibility
+    impact: high
+    reporter: Tyson Smith
+    description: |
+      An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash.
+    bugs:
+      - url: 1919087
+  CVE-2024-10460:
+    title: Confusing display of origin for external protocol handler prompt
+    impact: moderate
+    reporter: Shaheen Fazim
+    description: |
+      The origin of an external protocol handler prompt could have been obscured using a data: URL within an <code>iframe</code>.
+    bugs:
+      - url: 1912537
+  CVE-2024-10461:
+    title: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
+    impact: moderate
+    reporter: Masato Kinugawa
+    description: |
+      In multipart/x-mixed-replace responses, <code>Content-Disposition: attachment</code> in the response header was not respected and did not force a download, which could allow XSS attacks.
+    bugs:
+      - url: 1914521
+  CVE-2024-10462:
+    title: Origin of permission prompt could be spoofed by long URL
+    impact: moderate
+    reporter: Hafiizh
+    description: |
+      Truncation of a long URL could have allowed origin spoofing in a permission prompt.
+    bugs:
+      - url: 1920423
+  CVE-2024-10463:
+    title: Cross origin video frame leak
+    impact: moderate
+    reporter: Karl Tomlinson
+    description: |
+      Video frames could have been leaked between origins in some situations.
+    bugs:
+      - url: 1920800
+  CVE-2024-10468:
+    title: Race conditions in IndexedDB
+    impact: moderate
+    reporter: Tyson Smith
+    description: |
+      Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash.
+    bugs:
+      - url: 1914982
+  CVE-2024-10464:
+    title: History interface could have been used to cause a Denial of Service condition in the browser
+    impact: low
+    reporter: Andrei Enache
+    description: |
+      Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API.
+    bugs:
+      - url: 1913000
+  CVE-2024-10465:
+    title: Clipboard "paste" button persisted across tabs
+    impact: low
+    reporter: Kang Ali and Nur Fadhillah of Punggawa Cybersecurity
+    description: |
+      A clipboard "paste" button could persist across tabs which allowed a spoofing attack.
+    bugs:
+      - url: 1918853
+  CVE-2024-10466:
+    title: DOM push subscription message could hang Firefox
+    impact: low
+    reporter: Kagami Rosylight
+    description: |
+      By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive.
+    bugs:
+      - url: 1924154
+  CVE-2024-10467:
+    title: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
+    impact: moderate
+    reporter: Andrew McCreight, the Mozilla Fuzzing Team
+    description: |
+      Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
+    bugs:
+      - url: 1829029, 1888538, 1900394, 1904059, 1917742, 1919809, 1923706
+        desc: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4

announce/2024/mfsa2024-56.yml

@@ -0,0 +1,88 @@
+## mfsa2024-56.yml
+announced: Oct 29, 2024
+impact: high
+fixed_in:
+- Firefox ESR 128.4
+title: Security Vulnerabilities fixed in Firefox ESR 128.4
+advisories:
+  CVE-2024-10458:
+    title: Permission leak via embed or object elements
+    impact: high
+    reporter: James Lee
+    description: |
+      A permission leak could have occurred from a trusted site to an untrusted site via <code>embed</code> or <code>object</code> elements.
+    bugs:
+      - url: 1921733
+  CVE-2024-10459:
+    title: Use-after-free in layout with accessibility
+    impact: high
+    reporter: Tyson Smith
+    description: |
+      An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash.
+    bugs:
+      - url: 1919087
+  CVE-2024-10460:
+    title: Confusing display of origin for external protocol handler prompt
+    impact: moderate
+    reporter: Shaheen Fazim
+    description: |
+      The origin of an external protocol handler prompt could have been obscured using a data: URL within an <code>iframe</code>.
+    bugs:
+      - url: 1912537
+  CVE-2024-10461:
+    title: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
+    impact: moderate
+    reporter: Masato Kinugawa
+    description: |
+      In multipart/x-mixed-replace responses, <code>Content-Disposition: attachment</code> in the response header was not respected and did not force a download, which could allow XSS attacks.
+    bugs:
+      - url: 1914521
+  CVE-2024-10462:
+    title: Origin of permission prompt could be spoofed by long URL
+    impact: moderate
+    reporter: Hafiizh
+    description: |
+      Truncation of a long URL could have allowed origin spoofing in a permission prompt.
+    bugs:
+      - url: 1920423
+  CVE-2024-10463:
+    title: Cross origin video frame leak
+    impact: moderate
+    reporter: Karl Tomlinson
+    description: |
+      Video frames could have been leaked between origins in some situations.
+    bugs:
+      - url: 1920800
+  CVE-2024-10464:
+    title: History interface could have been used to cause a Denial of Service condition in the browser
+    impact: low
+    reporter: Andrei Enache
+    description: |
+      Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API.
+    bugs:
+      - url: 1913000
+  CVE-2024-10465:
+    title: Clipboard "paste" button persisted across tabs
+    impact: low
+    reporter: Kang Ali and Nur Fadhillah of Punggawa Cybersecurity
+    description: |
+      A clipboard "paste" button could persist across tabs which allowed a spoofing attack.
+    bugs:
+      - url: 1918853
+  CVE-2024-10466:
+    title: DOM push subscription message could hang Firefox
+    impact: low
+    reporter: Kagami Rosylight
+    description: |
+      By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive.
+    bugs:
+      - url: 1924154
+  CVE-2024-10467:
+    title: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
+    impact: moderate
+    reporter: Andrew McCreight, the Mozilla Fuzzing Team
+    description: |
+      Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
+    bugs:
+      - url: 1829029, 1888538, 1900394, 1904059, 1917742, 1919809, 1923706
+        desc: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4

announce/2024/mfsa2024-57.yml

@@ -0,0 +1,31 @@
+## mfsa2024-57.yml
+announced: Oct 29, 2024
+impact: high
+fixed_in:
+- Firefox ESR 115.17
+title: Security Vulnerabilities fixed in Firefox ESR 115.17
+advisories:
+  CVE-2024-10458:
+    title: Permission leak via embed or object elements
+    impact: high
+    reporter: James Lee
+    description: |
+      A permission leak could have occurred from a trusted site to an untrusted site via <code>embed</code> or <code>object</code> elements.
+    bugs:
+      - url: 1921733
+  CVE-2024-10459:
+    title: Use-after-free in layout with accessibility
+    impact: high
+    reporter: Tyson Smith
+    description: |
+      An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash.
+    bugs:
+      - url: 1919087
+  CVE-2024-10463:
+    title: Cross origin video frame leak
+    impact: moderate
+    reporter: Karl Tomlinson
+    description: |
+      Video frames could have been leaked between origins in some situations.
+    bugs:
+      - url: 1920800

announce/2024/mfsa2024-58.yml

@@ -0,0 +1,90 @@
+## mfsa2024-58.yml
+announced: Oct 29, 2024
+impact: high
+fixed_in:
+- Thunderbird 128.4
+title: Security Vulnerabilities fixed in Thunderbird 128.4
+description: |
+  *In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.*
+advisories:
+  CVE-2024-10458:
+    title: Permission leak via embed or object elements
+    impact: high
+    reporter: James Lee
+    description: |
+      A permission leak could have occurred from a trusted site to an untrusted site via <code>embed</code> or <code>object</code> elements.
+    bugs:
+      - url: 1921733
+  CVE-2024-10459:
+    title: Use-after-free in layout with accessibility
+    impact: high
+    reporter: Tyson Smith
+    description: |
+      An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash.
+    bugs:
+      - url: 1919087
+  CVE-2024-10460:
+    title: Confusing display of origin for external protocol handler prompt
+    impact: moderate
+    reporter: Shaheen Fazim
+    description: |
+      The origin of an external protocol handler prompt could have been obscured using a data: URL within an <code>iframe</code>.
+    bugs:
+      - url: 1912537
+  CVE-2024-10461:
+    title: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
+    impact: moderate
+    reporter: Masato Kinugawa
+    description: |
+      In multipart/x-mixed-replace responses, <code>Content-Disposition: attachment</code> in the response header was not respected and did not force a download, which could allow XSS attacks.
+    bugs:
+      - url: 1914521
+  CVE-2024-10462:
+    title: Origin of permission prompt could be spoofed by long URL
+    impact: moderate
+    reporter: Hafiizh
+    description: |
+      Truncation of a long URL could have allowed origin spoofing in a permission prompt.
+    bugs:
+      - url: 1920423
+  CVE-2024-10463:
+    title: Cross origin video frame leak
+    impact: moderate
+    reporter: Karl Tomlinson
+    description: |
+      Video frames could have been leaked between origins in some situations.
+    bugs:
+      - url: 1920800
+  CVE-2024-10464:
+    title: History interface could have been used to cause a Denial of Service condition in the browser
+    impact: low
+    reporter: Andrei Enache
+    description: |
+      Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API.
+    bugs:
+      - url: 1913000
+  CVE-2024-10465:
+    title: Clipboard "paste" button persisted across tabs
+    impact: low
+    reporter: Kang Ali and Nur Fadhillah of Punggawa Cybersecurity
+    description: |
+      A clipboard "paste" button could persist across tabs which allowed a spoofing attack.
+    bugs:
+      - url: 1918853
+  CVE-2024-10466:
+    title: DOM push subscription message could hang Firefox
+    impact: low
+    reporter: Kagami Rosylight
+    description: |
+      By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive.
+    bugs:
+      - url: 1924154
+  CVE-2024-10467:
+    title: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
+    impact: moderate
+    reporter: Andrew McCreight, the Mozilla Fuzzing Team
+    description: |
+      Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
+    bugs:
+      - url: 1829029, 1888538, 1900394, 1904059, 1917742, 1919809, 1923706
+        desc: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4