François Marier

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 56 Mozilla Firefox ESR versions prior to 52.4 Mozilla Thunderbird versions prior to 52.4 **Description** The issue is related to the Phishing and Malware Protection feature, which failed to properly check file downloads encoded with `blob:` and `data:` URL elements. This allowed malicious sites to bypass normal file download checks and block lists of suspicious sites and files, potentially luring users into downloading executables that would otherwise be detected as suspicious. The vulnerability can be exploited by a remote attacker to conduct phishing attacks. **Recommendations** For Mozilla Firefox versions prior to 56, update to version 56 or later to resolve the issue. For Mozilla Firefox ESR versions prior to 52.4, update to version 52.4 or later to resolve the issue. For Mozilla Thunderbird versions prior to 52.4, update to version 52.4 or later to resolve the issue.