Erik Kraft

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 102.5 Thunderbird versions prior to 102.5 Firefox versions prior to 107 **Description** The issue is related to keyboard events and cache-based timing attacks, such as Prime+Probe, which could potentially reveal pressed keys. This is a security error in Mozilla browsers, including Firefox and Thunderbird, that may allow a remote attacker to disclose protected information. **Recommendations** For Firefox ESR versions prior to 102.5, update to version 102.5 or later. For Thunderbird versions prior to 102.5, update to version 102.5 or later. For Firefox versions prior to 107, update to version 107 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 104.0.5112.79 Microsoft Edge (affected versions not specified) **Description** The issue is related to side-channel information leakage in keyboard input, allowing a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. This can be achieved by exploiting the inconsistency in the browser's behavior. **Recommendations** For Google Chrome versions prior to 104.0.5112.79, update to version 104.0.5112.79 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.