Mozilla · Firefox · CVE-2016-5260
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions prior to 48.0
**Description**
The issue is caused by an integer overflow in the WebSocketChannel class of the Firefox browser's WebSockets subsystem. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) by using specially crafted packets that trigger incorrect buffer resize operations during the buffering procedure. Additionally, the browser mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, potentially allowing attackers to discover cleartext passwords by reading a session restoration file.
**Recommendations**
Update Firefox installations running versions prior to 48.0 to version 48.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of WebSockets or disabling the WebSocketChannel class until a patch is available. Avoid entering sensitive information in INPUT fields that may be saved in session restoration files.