Add a missing advisory to Firefox 129

2024-09-17 14:13:24 -04:00 · 2024-09-17 14:13:24 -04:00 · 97beafb67b
--- a/announce/2024/mfsa2024-33.yml
+++ b/announce/2024/mfsa2024-33.yml
@ -4,6 +4,8 @@ impact: high
 fixed_in:
 - Firefox 129
 title: Security Vulnerabilities fixed in Firefox 129
+description: |
+  <em>Updated Sept 17, 2024 to add CVE-2024-8900 which was inadvertently omitted in the original advisory.</em>
 advisories:
  CVE-2024-7518:
    title: Fullscreen notification dialog can be obscured by document content
@ -93,6 +95,14 @@ advisories:
      Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free.
    bugs:
      - url: 1895951
+  CVE-2024-8900:
+    title: Clipboard write permission bypass
+    impact: moderate
+    reporter: Om Apip
+    description: |
+      An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events.
+    bugs:
+      - url: 1872841
  CVE-2024-7529:
    title: Document content could partially obscure security prompts
    impact: moderate