James Graham

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 97 **Description** The issue is related to the Remote Agent used in WebDriver, which did not properly validate the Host or Origin headers. This could have allowed websites to connect back to the user's browser and control it. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the lack of validation of the Host or Origin headers, which could allow an attacker to bypass security restrictions, disclose protected information, and execute arbitrary code. **Recommendations** For Mozilla Firefox versions prior to 97, update to version 97 or later to resolve the issue. As a temporary workaround, consider disabling the WebDriver feature until a patch is available.