Gregory Smiley

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 60.8 Firefox versions prior to 68 Thunderbird versions prior to 60.8 **Description** The issue is related to NPAPI plugins, such as Flash, in Firefox and Thunderbird, where a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks, enabling remote attackers to perform actions on behalf of the user. **Recommendations** For Firefox ESR versions prior to 60.8, update to version 60.8 or later. For Firefox versions prior to 68, update to version 68 or later. For Thunderbird versions prior to 60.8, update to version 60.8 or later.