Dave Vandyke

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 109 Thunderbird versions prior to 102.7 Firefox ESR versions prior to 102.7 **Description** A security issue was found in the handling of WebSocket creation within WebWorkers, causing the Content Security Policy `connect-src` header to be bypassed. This could allow connections to restricted origins from inside WebWorkers. The vulnerability may be exploited by a remote attacker to impact data integrity. **Recommendations** For Firefox versions prior to 109, update to version 109 or later to resolve the issue. For Thunderbird versions prior to 102.7, update to version 102.7 or later to resolve the issue. For Firefox ESR versions prior to 102.7, update to version 102.7 or later to resolve the issue.