Jan Drescher

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 131 Firefox ESR versions prior to 128.3 Firefox ESR versions prior to 115.16 Thunderbird versions prior to 128.3 Thunderbird versions prior to 131 **Description** The issue is related to a flaw in the CORS mechanism of Mozilla Firefox, Firefox ESR, and the Thunderbird email client, specifically an error in source data confirmation. This could allow a remote attacker to bypass security restrictions, potentially leading to the arbitrary loading of cross-origin pages. **Recommendations** For Firefox versions prior to 131, update to version 131 or later. For Firefox ESR versions prior to 128.3, update to version 128.3 or later. For Firefox ESR versions prior to 115.16, update to version 115.16 or later. For Thunderbird versions prior to 128.3, update to version 128.3 or later. For Thunderbird versions prior to 131, update to version 131 or later.