CVE-2024-3864

Published: 16/04/2024 Updated: 24/04/2024

Vulnerability Summary

Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Vendor Advisories

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1 (CVE-2024-29944). There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse th ...
Mozilla Foundation Security Advisory 2024-19: Security Vulnerabilities fixed in Firefox ESR 115.10. Announced: April 16, 2024. Impact: high. Products: Firefox ESR. Fixed in: Firefox ESR 115.10 ...
Mozilla Foundation Security Advisory 2024-18: Security Vulnerabilities fixed in Firefox 125. Announced: April 16, 2024. Impact: high. Products: Firefox. Fixed in: Firefox 125 ...
Mozilla Foundation Security Advisory 2024-20: Security Vulnerabilities fixed in Thunderbird 115.10. Announced: April 16, 2024. Impact: high. Products: Thunderbird. Fixed in: Thunderbird 115.10 ...