Ademar Nowasky Junior

**Name of the Vulnerable Software and Affected Versions** Find My Mobile versions prior to 7.3.13.4 **Description** The issue allows a physical attacker to unlock a device remotely by resetting the Samsung Account password with SMS verification when the user has lost the device. This is possible due to the abuse of remote unlock in Find My Mobile. **Recommendations** For versions prior to 7.3.13.4, update to version 7.3.13.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the remote unlock feature in Find My Mobile until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 94 **Description** The issue allows a website to potentially steal authentication tokens by tricking a user into copying and pasting an image link that contains the token. This can happen when an image triggers authentication flows and a Content Security Policy stops a redirection chain, resulting in the final image URL containing the authentication token. The estimated number of potentially affected devices is not specified. **Recommendations** For Firefox versions prior to 94, update to version 94 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the 'Copy Image Link' context menu action until the update is applied. Restrict access to sensitive information when copying and pasting links from untrusted websites to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 94 Thunderbird versions prior to 91.3 Firefox ESR versions prior to 91.3 **Description** The issue is related to an incorrect limitation of visualized user interface layers in Mozilla Firefox, allowing an attacker to display a Javascript `alert()` dialog with arbitrary contents over an uncontrolled webpage. This can be achieved through a specific sequence of attacker-controlled events. **Recommendations** For Firefox versions prior to 94, update to version 94 or later. For Thunderbird versions prior to 91.3, update to version 91.3 or later. For Firefox ESR versions prior to 91.3, update to version 91.3 or later.

**Name of the Vulnerable Software and Affected Versions** Visual Studio (affected versions not specified) **Description** The issue is related to incorrect code generation management in the software development tool. It may allow a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 86 Thunderbird versions prior to 78.8 Firefox ESR versions prior to 78.8 Description: A security issue was found where Content Security Policy blocked frame navigation, potentially leaking sensitive information contained in URIs. This could be used to reveal the full destination of a redirect served in the frame, as opposed to the original frame URI. Recommendations: For Firefox versions prior to 86, update to version 86 or later to resolve the issue. For Thunderbird versions prior to 78.8, update to version 78.8 or later to resolve the issue. For Firefox ESR versions prior to 78.8, update to version 78.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joplin desktop versions 1.0.190 through 1.0.245 **Description** The issue allows for arbitrary code execution via a malicious HTML embed tag. This is an XSS issue that affects Joplin desktop, enabling potential attackers to execute arbitrary code. **Recommendations** For versions 1.0.190 through 1.0.245, update to a version outside of this range to mitigate the risk of arbitrary code execution. As a temporary workaround, consider restricting the use of HTML embed tags in Joplin desktop until a patch is available.