Gijs Kruitbosch

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions 91.12 and earlier, except version 91.12 Firefox ESR versions 102.1 and earlier, except version 102.1 Firefox versions 103 and earlier, except version 103 Thunderbird versions 91.12 and earlier, except version 91.12 Thunderbird versions 102.1 and earlier, except version 102.1 **Description** The issue arises from visiting directory listings for `chrome://` URLs as source text, where some parameters were reflected. This may allow a remote attacker to disclose protected information, modify the appearance of a web page, or conduct phishing attacks. **Recommendations** For Firefox ESR versions 91.12 and earlier, except version 91.12, update to version 91.12 or later. For Firefox ESR versions 102.1 and earlier, except version 102.1, update to version 102.1 or later. For Firefox versions 103 and earlier, except version 103, update to version 103 or later. For Thunderbird versions 91.12 and earlier, except version 91.12, update to version 91.12 or later. For Thunderbird versions 102.1 and earlier, except version 102.1, update to version 102.1 or later.