Jonathan Kingston

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 92 **Description** The issue is related to mixed-content checks being unable to analyze opaque origins, leading to some mixed content being loaded. This could potentially allow a remote attacker to conduct spoofing attacks using a specially crafted link. **Recommendations** For versions prior to 92, update to version 92 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable links to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 84.0.4147.89 **Description** The issue is related to an inappropriate implementation in the iframe sandbox of Google Chrome, allowing a remote attacker to bypass navigation restrictions. This can be achieved via a crafted HTML page. The vulnerability is also described as being related to incorrect security checks for standard elements, potentially allowing a remote attacker to impact data integrity. **Recommendations** For versions prior to 84.0.4147.89, update to version 84.0.4147.89 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 61 Firefox ESR versions prior to 60.1 **Description** The issue is related to insufficient access control in the WebExtensions system for developing browser extensions. It allows a remote attacker to exploit the weakness and gain elevated privileges. The vulnerability can be exploited by a malicious WebExtension to obtain full browser permissions due to improper authorization checks. **Recommendations** For Firefox versions prior to 61, update to version 61 or later to resolve the issue. For Firefox ESR versions prior to 60.1, update to version 60.1 or later to resolve the issue.