Rakesh Mane

**Nome do software vulnerável e versões afetadas** Versões do iOS anteriores à 13.6 Versões do iPadOS anteriores à 13.6 Versões do tvOS anteriores à 13.4.8 Versões do watchOS anteriores à 6.2.8 Versões do Safari anteriores à 13.1.2 Versões do iTunes para Windows anteriores à 12.10.8 Versões do iCloud para Windows anteriores à 11.3 e 7.20 **Descrição** Um problema de codificação Unicode de URLs foi corrigido com um gerenciamento de estado aprimorado. Esse problema pode permitir que um invasor mal-intencionado oculte o destino de um URL. **Recomendações** Para versões do iOS anteriores à 13.6, atualize para o iOS 13.6 ou posterior. Para versões do iPadOS anteriores à 13.6, atualize para o iPadOS 13.6 ou posterior. Para versões do tvOS anteriores à 13.4.8, atualize para o tvOS 13.4.8 ou posterior. Para versões do watchOS anteriores à 6.2.8, atualize para o watchOS 6.2.8 ou posterior. Para versões do Safari anteriores à 13.1.2, atualize para o Safari 13.1.2 ou posterior. Para versões do iTunes para Windows anteriores à 12.10.8, atualize para o iTunes 12.10.8 ou posterior. Para versões do iCloud para Windows anteriores à 11.3 e 7.20, atualize para o iCloud para Windows 11.3 ou 7.20 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 69 Firefox ESR versions prior to 60.9 Firefox ESR versions prior to 68.1 Thunderbird versions prior to 60.9 Thunderbird versions prior to 68.1 **Description** The issue is related to certain HTML elements, such as `title` and `textarea`, which can contain literal angle brackets without being treated as markup. This allows an attacker to pass a literal closing tag to `.innerHTML` on these elements, causing subsequent content to be parsed as if it were outside the tag. This can lead to cross-site scripting (XSS) attacks if a site does not filter user input strictly for these elements. **Recommendations** For Firefox versions prior to 69, update to version 69 or later. For Firefox ESR versions prior to 60.9, update to version 60.9 or later. For Firefox ESR versions prior to 68.1, update to version 68.1 or later. For Thunderbird versions prior to 60.9, update to version 60.9 or later. For Thunderbird versions prior to 68.1, update to version 68.1 or later.

**Name of the Vulnerable Software and Affected Versions** Opera Mini versions through 16.0.14 **Description** The issue is related to a UXSS vulnerability that can be triggered by navigating to a `javascript:` URL. **Recommendations** For versions through 16.0.14, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 68 **Description** The issue is related to the incorrect handling of certain Unicode characters during web content parsing, which can lead to the execution of malicious code and evade cross-site scripting (XSS) filtering. This allows a remote attacker to impact data integrity. **Recommendations** For versions prior to 68, update to version 68 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious web content to minimize the risk of exploitation.