Kagami Rosylight

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 132 Firefox ESR versions prior to 128.4 Thunderbird versions prior to 128.4 Thunderbird versions prior to 132 **Description** The issue is related to the handling of specially crafted push messages, which could cause the browser to become unresponsive due to the parent process hanging. It also involves a lack of protection for SQL query structure, potentially allowing a remote attacker to cause a denial of service. **Recommendations** For Firefox versions prior to 132, update to version 132 or later to resolve the issue. For Firefox ESR versions prior to 128.4, update to version 128.4 or later to resolve the issue. For Thunderbird versions prior to 128.4, update to version 128.4 or later to resolve the issue. For Thunderbird versions prior to 132, update to version 132 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 111 **Description** The issue is related to insufficient protection of service data during the initialization of the offline cache in private browsing mode. This could allow a remote attacker to gain unauthorized access to protected information. Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. **Recommendations** For versions prior to 111, update to version 111 or later to resolve the issue. As a temporary workaround, consider disabling the use of private browsing mode until a patch is available. Restrict access to sensitive information when using private browsing mode to minimize the risk of exploitation.