The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process This vulnerability affects Firefox < 12401 and Firefox ESR < 11591 (CVE-2024-29944)
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed A server could abuse th ...
Mozilla Foundation Security Advisory 2024-19
Security Vulnerabilities fixed in Firefox ESR 11510
Announced
April 16, 2024
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 11510
...
Mozilla Foundation Security Advisory 2024-18
Security Vulnerabilities fixed in Firefox 125
Announced
April 16, 2024
Impact
high
Products
Firefox
Fixed in
Firefox 125
...
Mozilla Foundation Security Advisory 2024-20
Security Vulnerabilities fixed in Thunderbird 11510
Announced
April 16, 2024
Impact
high
Products
Thunderbird
Fixed in
Thunderbird 11510
...