Chris Hacking

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 68 **Description** The issue is related to the window.globalThis component in the Firefox browser, which is associated with an error in Object.getOwnPropertyNames(window). This error allows an attacker to bypass the isolated programming environment. Exploitation of this issue can enable a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The problem arises because window.globalThis is not enumerable until explicitly accessed by a script, making it invisible to certain code, such as Object.getOwnPropertyNames(window). This can lead to sandboxes being bypassed in sites that rely on enumerating and freezing access to the window object. **Recommendations** For Firefox versions prior to 68, update to version 68 or later to resolve the issue. As a temporary workaround, consider restricting access to the window object to minimize the risk of exploitation.