FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

firefox -- multiple vulnerabilities

Affected packages
		firefox	<	129

Details

VuXML ID	44de1b82-662d-11ef-a51b-b42e991fc52e
Discovery	2024-08-06
Entry	2024-08-29

security@mozilla.org reports:

This update includes 3 CVEs:

The contextual menu for links could provide an opportunity for cross-site scripting attacks.

Long pressing on a download link could potentially provide a means for cross-site scripting.

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser.

[source]

References

CVE Name	CVE-2024-43111
CVE Name	CVE-2024-43112
CVE Name	CVE-2024-43113
URL	https://nvd.nist.gov/vuln/detail/CVE-2024-43111
URL	https://nvd.nist.gov/vuln/detail/CVE-2024-43112
URL	https://nvd.nist.gov/vuln/detail/CVE-2024-43113