Jannis Rautenstrauch

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 103 **Description** The issue is related to insufficient protection of internal data in the Firefox web browser. It allows a remote attacker to potentially gain unauthorized access to protected information. When using the Performance API, an attacker can notice subtle differences between PerformanceEntries, learning whether the target URL had been subject to a redirect. **Recommendations** For versions prior to 103, update to version 103 or later to resolve the issue. As a temporary workaround, consider restricting access to the Performance API until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 91.5 Firefox versions prior to 96 Thunderbird versions prior to 91.5 **Description** The issue is related to Securitypolicyviolation events, which could lead to a leak of cross-origin information for frame-ancestors violations. This allows a remote attacker to access confidential information. **Recommendations** For Firefox ESR versions prior to 91.5, update to version 91.5 or later. For Firefox versions prior to 96, update to version 96 or later. For Thunderbird versions prior to 91.5, update to version 91.5 or later.