CVE-2024-10459: 
NixOS vulnerability analysis and mitigation

CVE-2024-10459 is a high-severity use-after-free vulnerability discovered in Mozilla products when accessibility features are enabled. The vulnerability was disclosed on October 29, 2024, affecting multiple versions of Mozilla products including Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132 (Mozilla Advisory).

The vulnerability is classified as a use-after-free (CWE-416) issue that occurs in the layout component when accessibility features are enabled. It has received a CVSS v3.1 base score of 7.5 (High), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

When exploited, this vulnerability can lead to a potentially exploitable crash of the affected application. The vulnerability primarily affects the availability of the system, with no direct impact on confidentiality or integrity as indicated by the CVSS metrics (NVD).

Mozilla has addressed this vulnerability in Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132. Users are advised to update to these or later versions to mitigate the risk (Mozilla Advisory).