Adobe · Flash · CVE-2018-5165
**Name of the Vulnerable Software and Affected Versions**
Firefox versions prior to 60
**Description**
The issue concerns the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" in Firefox, which is displayed as unchecked by default, even though the Adobe Flash sandbox is enabled. This discrepancy can lead to user confusion, potentially causing users to inadvertently turn off protections. The vulnerability is related to errors in privilege management and can be exploited by a remote attacker to bypass existing security restrictions.
**Recommendations**
Update Firefox to version 60 or later to resolve the issue. As a temporary workaround on versions prior to 60, consider manually verifying the "Enable Adobe Flash protected mode" setting to ensure it aligns with the intended security configuration, and restrict access to the Adobe Flash plugin until the issue is resolved.