
Matt Wobensmith

#22111 of 53,632
10.4 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2016-2194
6.1
2016-06-07
Mozilla · Firefox · CVE-2016-2833
**Name of the Vulnerable Software and Affected Versions**

Mozilla Firefox versions prior to 47.0

**Description**

The browser fails to properly enforce web page structure protection: it ignores Content Security Policy (CSP) directives for cross-domain Java applets. This allows a remote attacker to conduct cross-site scripting (XSS) attacks using a specially crafted applet.

**Recommendations**

For versions prior to 47.0, update to version 47.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of Java applets in Mozilla Firefox until a patch is applied. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation.
PT-2013-3331
4.3
2013-06-26
Mozilla · Firefox · CVE-2013-1698
**Name of the Vulnerable Software and Affected Versions**

Mozilla Firefox versions prior to 22.0

**Description**

The issue concerns the getUserMedia permission implementation, which incorrectly references the URL of a top-level document instead of the URL of a specific page. This makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME elements.

**Recommendations**

For versions prior to 22.0, update to version 22.0 or later to resolve the issue.