Gijs

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 102 Mozilla Firefox ESR versions prior to 91.11 Thunderbird versions prior to 102 Thunderbird versions prior to 91.11 **Description** The issue is related to the implementation of protocols that deliver content to Microsoft applications, bypassing the browser. These protocols, including `ms-msdt`, `search`, and `search-ms`, can be exploited by an attacker to execute arbitrary code. The vulnerability is associated with errors in authorization handling for custom URL schemes. It is noted that these applications have had known vulnerabilities exploited in the wild. This issue only affects Thunderbird on Windows, with other operating systems being unaffected. **Recommendations** For Mozilla Firefox versions prior to 102, update to version 102 or later. For Mozilla Firefox ESR versions prior to 91.11, update to version 91.11 or later. For Thunderbird versions prior to 102, update to version 102 or later. For Thunderbird versions prior to 91.11, update to version 91.11 or later. As a temporary workaround, consider blocking the `ms-msdt`, `search`, and `search-ms` protocols from prompting the user to open them.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 99 **Description** The sourceMapURL feature in devtools was missing security checks, allowing a webpage to attempt to include local files or other files that should have been inaccessible. This issue is related to errors in security settings and could allow a remote attacker to disclose protected information. **Recommendations** For versions prior to 99, update to version 99 or later to resolve the issue. As a temporary workaround, consider restricting access to the sourceMapURL feature in devtools until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 77 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. It is also described as a buffer data boundary operation issue, where exploitation could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 77, update to version 77 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.