A bug in popup notifications' interaction with WebAuthn made it easier for an malicious user to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
A type check was missing when handling fonts in PDFjs, which would allow arbitrary JavaScript execution in the PDFjs context This vulnerability affects Firefox < 126, Firefox ESR < 11511, and Thunderbird < 11511 (CVE-2024-4367)
If the `browserprivatebrowsingautostart` preference is enabled, IndexedDB files were not properly deleted ...
A type check was missing when handling fonts in PDFjs, which would allow arbitrary JavaScript execution in the PDFjs context This vulnerability affects Firefox < 126, Firefox ESR < 11511, and Thunderbird < 11511 (CVE-2024-4367)
If the `browserprivatebrowsingautostart` preference is enabled, IndexedDB files were not properly deleted ...
Mozilla Foundation Security Advisory 2024-22
Security Vulnerabilities fixed in Firefox ESR 11511
Announced
May 14, 2024
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 11511
...
Mozilla Foundation Security Advisory 2024-21
Security Vulnerabilities fixed in Firefox 126
Announced
May 14, 2024
Impact
high
Products
Firefox
Fixed in
Firefox 126
...
Mozilla Foundation Security Advisory 2024-23
Security Vulnerabilities fixed in Thunderbird 11511
Announced
May 15, 2024
Impact
high
Products
Thunderbird
Fixed in
Thunderbird 11511
...