Björn Ruytenberg

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 63 **Description** The issue is related to the WebBrowserPersist component in Firefox, specifically with errors when executing the "Save Page As..." function. This can allow a remote attacker to gain unauthorized access to protected information. The internal WebBrowserPersist code does not use the correct origin context for a resource being saved, which manifests when sub-resources are loaded as part of the "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources otherwise unreachable to the malicious page. Similarly, SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu item is selected to save a page. **Recommendations** For versions prior to 63, update to version 63 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the "Save Page As..." functionality until a patch is available. Restrict access to sensitive information when using the "Save Page As..." feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions 26.0.0.137 and earlier **Description** The issue is a security bypass vulnerability that leads to information disclosure when performing URL redirect. It allows attackers to obtain sensitive information. **Recommendations** For Adobe Flash Player versions 26.0.0.137 and earlier, update to a version later than 26.0.0.137 to resolve the issue.