Jakub Szymsza

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 151 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11 **Description** A same-origin policy bypass exists in the Networking: HTTP component. The same-origin policy is a critical security mechanism that restricts how a document or script loaded from one origin can interact with a resource from another origin. **Recommendations** Update to version 151 Update to version 140.11 Update to version 151 Update to version 140.11

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 139 Firefox ESR versions prior to 128.11 **Description** The issue arises from script elements loading cross-origin resources, which generate load and error events. These events leak information, enabling XS-Leaks attacks. XS-Leaks refer to a type of side-channel attack that involves exploiting the differences in behavior between same-origin and cross-origin requests to infer sensitive information. **Recommendations** For Firefox versions prior to 139, update to version 139 or later to resolve the issue. For Firefox ESR versions prior to 128.11, update to version 128.11 or later to resolve the issue.