
=====================================================================

                                 CERT-Renater

                      Information Note No. 2024/VULN451
_____________________________________________________________________

DATE                : 28/10/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running pyload-ng versions prior to
                                  0.5.0b3.dev87.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2024-57/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-55/
_____________________________________________________________________

Mozilla Foundation Security Advisory 2024-57
Security Vulnerabilities fixed in Firefox ESR 115.17

Announced
    October 29, 2024
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 115.17

#CVE-2024-10458: Permission leak via embed or object elements

Reporter
    James Lee
Impact
    high

Description

A permission leak could have occurred from a trusted site to an
untrusted site via embed or object elements.

References

    Bug 1921733


#CVE-2024-10459: Use-after-free in layout with accessibility

Reporter
    Tyson Smith
Impact
    high

Description

An attacker could have caused a use-after-free when accessibility
was enabled, leading to a potentially exploitable crash.

References

    Bug 1919087


#CVE-2024-10463: Cross origin video frame leak

Reporter
    Karl Tomlinson
Impact
    moderate

Description

Video frames could have been leaked between origins in some
situations.

References

    Bug 1920800

_____________________________________________________________________


Mozilla Foundation Security Advisory 2024-56
Security Vulnerabilities fixed in Firefox ESR 128.4

Announced
    October 29, 2024
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 128.4

#CVE-2024-10458: Permission leak via embed or object elements

Reporter
    James Lee
Impact
    high

Description

A permission leak could have occurred from a trusted site to an
untrusted site via embed or object elements.

References

    Bug 1921733


#CVE-2024-10459: Use-after-free in layout with accessibility

Reporter
    Tyson Smith
Impact
    high

Description

An attacker could have caused a use-after-free when accessibility
was enabled, leading to a potentially exploitable crash.

References

    Bug 1919087


#CVE-2024-10460: Confusing display of origin for external protocol
handler prompt

Reporter
    Shaheen Fazim
Impact
    moderate

Description

The origin of an external protocol handler prompt could have been
obscured using a data: URL within an iframe.

References

    Bug 1912537


#CVE-2024-10461: XSS due to Content-Disposition being ignored
in multipart/x-mixed-replace response

Reporter
    Masato Kinugawa
Impact
    moderate

Description

In multipart/x-mixed-replace responses, Content-Disposition:
attachment in the response header was not respected and did
not force a download, which could allow XSS attacks.

References

    Bug 1914521


#CVE-2024-10462: Origin of permission prompt could be spoofed
by long URL

Reporter
    Hafiizh
Impact
    moderate

Description

Truncation of a long URL could have allowed origin spoofing in
a permission prompt.

References

    Bug 1920423


#CVE-2024-10463: Cross origin video frame leak

Reporter
    Karl Tomlinson
Impact
    moderate

Description

Video frames could have been leaked between origins in some
situations.

References

    Bug 1920800


#CVE-2024-10464: History interface could have been used to cause
a Denial of Service condition in the browser

Reporter
    Andrei Enache
Impact
    low

Description

Repeated writes to history interface attributes could have been
used to cause a Denial of Service condition in the browser. This
was addressed by introducing rate-limiting to this API.

References

    Bug 1913000


#CVE-2024-10465: Clipboard "paste" button persisted across tabs

Reporter
    Kang Ali and Nur Fadhillah of Punggawa Cybersecurity
Impact
    low

Description

A clipboard "paste" button could persist across tabs which allowed
a spoofing attack.

References

    Bug 1918853


#CVE-2024-10466: DOM push subscription message could hang Firefox

Reporter
    Kagami Rosylight
Impact
    low

Description

By sending a specially crafted push message, a remote server could
have hung the parent process, causing the browser to become
unresponsive.

References

    Bug 1924154


#CVE-2024-10467: Memory safety bugs fixed in Firefox 132,
Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4

Reporter
    Andrew McCreight, the Mozilla Fuzzing Team
Impact
    moderate

Description

Memory safety bugs present in Firefox 131, Firefox ESR 128.3,
and Thunderbird 128.3. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort some
of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 132, Thunderbird 132,
    Firefox ESR 128.4, and Thunderbird 128.4

_____________________________________________________________________

Mozilla Foundation Security Advisory 2024-55
Security Vulnerabilities fixed in Firefox 132

Announced
    October 29, 2024
Impact
    high
Products
    Firefox
Fixed in

        Firefox 132


#CVE-2024-10458: Permission leak via embed or object elements

Reporter
    James Lee
Impact
    high

Description

A permission leak could have occurred from a trusted site to an
untrusted site via embed or object elements.

References

    Bug 1921733


#CVE-2024-10459: Use-after-free in layout with accessibility

Reporter
    Tyson Smith
Impact
    high

Description

An attacker could have caused a use-after-free when accessibility
was enabled, leading to a potentially exploitable crash.

References

    Bug 1919087


#CVE-2024-10460: Confusing display of origin for external protocol
handler prompt

Reporter
    Shaheen Fazim
Impact
    moderate

Description

The origin of an external protocol handler prompt could have been
obscured using a data: URL within an iframe.

References

    Bug 1912537


#CVE-2024-10461: XSS due to Content-Disposition being ignored in
multipart/x-mixed-replace response

Reporter
    Masato Kinugawa
Impact
    moderate

Description

In multipart/x-mixed-replace responses, Content-Disposition:
attachment in the response header was not respected and did
not force a download, which could allow XSS attacks.

References

    Bug 1914521


#CVE-2024-10462: Origin of permission prompt could be
spoofed by long URL

Reporter
    Hafiizh
Impact
    moderate

Description

Truncation of a long URL could have allowed origin spoofing
in a permission prompt.

References

    Bug 1920423


#CVE-2024-10463: Cross origin video frame leak

Reporter
    Karl Tomlinson
Impact
    moderate

Description

Video frames could have been leaked between origins in some
situations.

References

    Bug 1920800


#CVE-2024-10468: Race conditions in IndexedDB

Reporter
    Tyson Smith
Impact
    moderate

Description

Potential race conditions in IndexedDB could have caused memory
corruption, leading to a potentially exploitable crash.

References

    Bug 1914982


#CVE-2024-10464: History interface could have been used to cause
a Denial of Service condition in the browser

Reporter
    Andrei Enache
Impact
    low

Description

Repeated writes to history interface attributes could have been
used to cause a Denial of Service condition in the browser. This
was addressed by introducing rate-limiting to this API.

References

    Bug 1913000


#CVE-2024-10465: Clipboard "paste" button persisted across tabs

Reporter
    Kang Ali and Nur Fadhillah of Punggawa Cybersecurity
Impact
    low

Description

A clipboard "paste" button could persist across tabs which allowed
a spoofing attack.

References

    Bug 1918853


#CVE-2024-10466: DOM push subscription message could hang Firefox

Reporter
    Kagami Rosylight
Impact
    low

Description

By sending a specially crafted push message, a remote server could
have hung the parent process, causing the browser to become
unresponsive.

References

    Bug 1924154


#CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird
132, Firefox ESR 128.4, and Thunderbird 128.4

Reporter
    Andrew McCreight, the Mozilla Fuzzing Team
Impact
    moderate

Description

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and
Thunderbird 128.3. Some of these bugs showed evidence of memory
corruption and we presume that with enough effort some of these
could have been exploited to run arbitrary code.

References

    Memory safety bugs fixed in Firefox 132, Thunderbird 132,
    Firefox ESR 128.4, and Thunderbird 128.4
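
Added example (not part of the CERT-Renater note or the Mozilla advisories): a Python triage of collected `firefox --version` strings against the fixed versions listed above (Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17). The host names and sample strings are constructed, and the version-line format, including the `esr` suffix on ESR builds, is an assumption about the input.

```python
import re

# First fixed versions, taken from MFSA 2024-55, 2024-56 and 2024-57 above.
FIXED_ESR = {115: (115, 17), 128: (128, 4)}  # ESR branch -> (major, minor)
FIXED_RELEASE = (132, 0)                     # Firefox release channel

# Assumed input: the line printed by `firefox --version`,
# e.g. "Mozilla Firefox 128.3.1esr" (ESR builds end in "esr").
VERSION_RE = re.compile(r"Firefox\s+(\d+)\.(\d+)(?:\.\d+)*(esr)?\b", re.I)


def triage(version_line):
    """Classify one version string as 'fixed', 'vulnerable' or 'unknown'."""
    m = VERSION_RE.search(version_line)
    if not m:
        return "unknown"  # unparseable (or a beta build): review by hand
    major, minor, esr = int(m.group(1)), int(m.group(2)), bool(m.group(3))
    if esr:
        fixed = FIXED_ESR.get(major)
        if fixed is None:
            return "unknown"  # ESR branch not covered by these advisories
        return "fixed" if (major, minor) >= fixed else "vulnerable"
    return "fixed" if (major, minor) >= FIXED_RELEASE else "vulnerable"


def needs_attention(inventory):
    """Return {host: status} for every host not confirmed as fixed."""
    flagged = {}
    for host, version_line in inventory.items():
        status = triage(version_line)
        if status != "fixed":
            flagged[host] = status
    return flagged


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = {
    "ws-01": "Mozilla Firefox 131.0.3",
    "ws-02": "Mozilla Firefox 132.0",
    "ws-03": "Mozilla Firefox 128.3.1esr",
    "ws-04": "Mozilla Firefox 128.4.0esr",
    "ws-05": "Mozilla Firefox 115.16.1esr",
    "ws-06": "Mozilla Firefox 102.15.0esr",
}

if __name__ == "__main__":
    for host, status in sorted(needs_attention(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` run a branch or build these advisories do not cover and need manual review rather than being treated as patched.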


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
