Georg Koppen

**Name of the Vulnerable Software and Affected Versions** Tor Browser versions prior to 8.5.4 **Description** The issue allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This behavior is related to a similar issue in Firefox before version 68. **Recommendations** For Tor Browser versions prior to 8.5.4, update to version 8.5.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of IFRAME elements until a patch is applied. Avoid using the title attribute of LINK elements for non-HTML pages in the affected browser versions.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 48.0 Firefox ESR versions prior to 45.3 **Description** The issue is caused by a stack-based buffer underflow in the `mozilla::gfx::BasePoint4d` function. This can be exploited by a remote attacker using specially crafted two-dimensional graphics data that is mishandled during clipping-region calculations, potentially allowing the execution of arbitrary code. **Recommendations** For Mozilla Firefox versions prior to 48.0, update to version 48.0 or later. For Firefox ESR versions prior to 45.3, update to version 45.3 or later.