Johanaxelcarlsson

#34184 of 53,634
7.6 CVSS total
Vulnerabilities · 1
PT-2023-1694
7.6
2023-02-14
Mozilla · Firefox ESR · CVE-2023-25728
**Name of the Vulnerable Software and Affected Versions**

- Mozilla Firefox versions prior to 110
- Mozilla Firefox ESR versions prior to 102.8
- Mozilla Thunderbird versions prior to 102.8

**Description**

The issue is related to the incorrect restriction of displayed layers or frames in the user interface, potentially allowing a remote attacker to access confidential information. Specifically, the `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect.

**Recommendations**

- For Mozilla Firefox versions prior to 110, update to version 110 or later to resolve the issue.
- For Mozilla Firefox ESR versions prior to 102.8, update to version 102.8 or later to resolve the issue.
- For Mozilla Thunderbird versions prior to 102.8, update to version 102.8 or later to resolve the issue.

As a temporary workaround, consider restricting interaction with iframes to minimize the risk of exploitation.