Ben Kelly

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 61 **Description** The issue is related to service workers using redirection to avoid the tainting of cross-origin resources, allowing a malicious site to read responses that are supposed to be opaque. This can enable a remote attacker to gain unauthorized access to protected information. **Recommendations** For versions prior to 61, update to version 61 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 57 **Description** The issue is related to mixed content blocking in Firefox, where insecure HTTP sub-resources in a secure HTTPS document were not correctly blocked, especially for resources that redirect from HTTPS to HTTP. This allowed content, such as scripts, to be loaded on a page when it should have been blocked. The vulnerability can be exploited to conduct cross-site scripting attacks. **Recommendations** For versions prior to 57, update to version 57 or later to resolve the issue. As a temporary workaround, consider restricting access to HTTP resources within HTTPS documents to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 52 Thunderbird versions prior to 52 **Description** Memory safety bugs were reported, showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 52, update to version 52 or later. For Thunderbird versions prior to 52, update to version 52 or later.