Aleksejs Popovs

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 26.1 visionOS versions prior to 26.1 watchOS versions prior to 26.1 iOS versions prior to 26.1 iPadOS versions prior to 26.1 tvOS versions prior to 26.1 **Description** A malicious website may be able to exfiltrate data cross-origin due to insufficient checks. The issue was addressed with improved checks. **Recommendations** Update Safari to version 26.1. Update visionOS to version 26.1. Update watchOS to version 26.1. Update iOS to version 26.1. Update iPadOS to version 26.1. Update tvOS to version 26.1.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 87.0.4280.66 Firefox (affected versions not specified) Firefox ESR (affected versions not specified) Thunderbird (affected versions not specified) **Description** The issue is related to a data source confirmation error, allowing a remote attacker to access confidential data. It involves side-channel information leakage in graphics, enabling the attacker to leak cross-origin data via a crafted HTML page. **Recommendations** For Google Chrome versions prior to 87.0.4280.66, update to version 87.0.4280.66 or later. For Firefox, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Firefox ESR, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Thunderbird, at the moment, there is no information about a newer version that contains a fix for this vulnerability.