Georg Felber

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 124 Firefox ESR versions prior to 115.9 Thunderbird versions prior to 115.9 **Description** The issue exists due to inadequate protection of web page structure when handling html and body tags. This could allow a remote attacker to gain unauthorized access to protected information. An attacker could use markup injection to steal nonce values, potentially bypassing strict content security policies. **Recommendations** For Firefox versions prior to 124, update to version 124 or later to resolve the issue. For Firefox ESR versions prior to 115.9, update to version 115.9 or later to resolve the issue. For Thunderbird versions prior to 115.9, update to version 115.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple tvOS versions prior to 17.4 Apple macOS Sonoma versions prior to 14.4 Apple visionOS versions prior to 1.1 Apple iOS versions prior to 17.4 Apple iPadOS versions prior to 17.4 Apple watchOS versions prior to 10.4 Apple iOS versions 16.7.6 and earlier Apple iPadOS versions 16.7.6 and earlier Apple Safari versions prior to 17.4 **Description** A logic issue was addressed with improved state management. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. **Recommendations** For Apple tvOS versions prior to 17.4, update to tvOS 17.4 or later. For Apple macOS Sonoma versions prior to 14.4, update to macOS Sonoma 14.4 or later. For Apple visionOS versions prior to 1.1, update to visionOS 1.1 or later. For Apple iOS versions prior to 17.4, update to iOS 17.4 or later. For Apple iPadOS versions prior to 17.4, update to iPadOS 17.4 or later. For Apple watchOS versions prior to 10.4, update to watchOS 10.4 or later. For Apple iOS versions 16.7.6 and earlier, update to iOS 17.4 or later. For Apple iPadOS versions 16.7.6 and earlier, update to iPadOS 17.4 or later. For Apple Safari versions prior to 17.4, update to Safari 17.4 or later.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 17.4 macOS Sonoma versions prior to 14.4 iOS versions prior to 17.4 iPadOS versions prior to 17.4 watchOS versions prior to 10.4 tvOS versions prior to 17.4 **Description** An injection issue was addressed with improved validation. A maliciously crafted webpage may be able to fingerprint the user. The issue is related to the disclosure of information and may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted webpage. **Recommendations** For Safari versions prior to 17.4, update to Safari 17.4 or later. For macOS Sonoma versions prior to 14.4, update to macOS Sonoma 14.4 or later. For iOS versions prior to 17.4, update to iOS 17.4 or later. For iPadOS versions prior to 17.4, update to iPadOS 17.4 or later. For watchOS versions prior to 10.4, update to watchOS 10.4 or later. For tvOS versions prior to 17.4, update to tvOS 17.4 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 122.0.6261.57 **Description** The issue is related to an inappropriate implementation in the Content Security Policy (CSP) mechanism of Google Chrome, allowing a remote attacker to bypass existing security restrictions using a specially crafted HTML page. This could potentially lead to security policy violations. The estimated number of affected devices and real-world incidents are not specified. **Recommendations** For Google Chrome versions prior to 122.0.6261.57, update to version 122.0.6261.57 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.