Anne Van Kesteren

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 113 Firefox ESR (affected versions not specified) **Description** The issue is related to a lack of protection for service worker data, which could allow a remote attacker to disclose protected information through the use of dynamic `import()`. This affects Firefox and Firefox ESR browsers. **Recommendations** For Firefox versions prior to 113, update to version 113 or later to resolve the issue. For Firefox ESR, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** Versões do Firefox anteriores à 107 Versões do Firefox ESR anteriores à 102.5 Versões do Thunderbird anteriores à 102.5 **Descrição** O problema está relacionado aos Service Workers nos navegadores, o que poderia permitir que um invasor remoto inferisse informações sobre a presença ou o tamanho de um arquivo de mídia, explorando informações de tempo para mídia de origem cruzada combinadas com solicitações Range. **Recomendações** Para versões do Firefox anteriores à 107, atualize para a versão 107 ou posterior. Para versões do Firefox ESR anteriores à 102.5, atualize para a versão 102.5 ou posterior. Para versões do Thunderbird anteriores à 102.5, atualize para a versão 102.5 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do Firefox ESR anteriores à 78.1 Versões do Firefox anteriores à 79 Versões do Thunderbird anteriores à 78.1 **Descrição** Foi encontrada uma falha de segurança no elemento iframe sandbox com o sinalizador allow-popups, que poderia ser contornada ao usar links noopener. Isso poderia causar problemas de segurança para sites que dependem de configurações de sandbox que permitem pop-ups e hospedam conteúdo arbitrário. A vulnerabilidade está relacionada a configurações incorretas de permissão de acesso padrão. **Recomendações** Para versões do Firefox ESR anteriores à 78.1, atualize para a versão 78.1 ou posterior. Para versões do Firefox anteriores à 79, atualize para a versão 79 ou posterior. Para versões do Thunderbird anteriores à 78.1, atualize para a versão 78.1 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 66 Firefox ESR versions prior to 60.6 Thunderbird versions prior to 60.6 **Description** The issue is related to memory safety bugs and buffer copying without checking the size of input data, which could potentially be exploited to run arbitrary code. This may lead to memory corruption. **Recommendations** For Firefox versions prior to 66, update to version 66 or later. For Firefox ESR versions prior to 60.6, update to version 60.6 or later. For Thunderbird versions prior to 60.6, update to version 60.6 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 55 **Description** The issue is related to the lack of same-origin protections for response header name interning, allowing stored header names to be available cross-origin. This could potentially enable a remote attacker to gain unauthorized access to protected information. **Recommendations** For versions prior to 55, update to a version 55 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 11.0 Firefox ESR versions 10.x before 10.0.4 Thunderbird versions 5.0 through 11.0 Thunderbird ESR versions 10.x before 10.0.4 SeaMonkey versions prior to 2.9 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a multibyte character set. This can be exploited by remote attackers. **Recommendations** For Mozilla Firefox versions 4.x through 11.0, update to a version after 11.0. For Firefox ESR versions 10.x before 10.0.4, update to version 10.0.4 or later. For Thunderbird versions 5.0 through 11.0, update to a version after 11.0. For Thunderbird ESR versions 10.x before 10.0.4, update to version 10.0.4 or later. For SeaMonkey versions prior to 2.9, update to version 2.9 or later.