Kaizer Soze

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 83 **Description** A malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page when listening for page changes with a Mutation Observer. This would lead to internal errors and unexpected behavior in the Screenshots code. **Recommendations** For versions prior to 83, update to version 83 or later to resolve the issue. As a temporary workaround, consider disabling the use of Mutation Observers in Firefox Screenshots until a patch is available. Restrict access to sensitive elements to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 80 Thunderbird versions prior to 78.2 Thunderbird versions prior to 68.12 Firefox ESR versions prior to 78.2 Firefox ESR versions prior to 68.12 Firefox for Android versions prior to 80 **Description** A malicious webpage could gain access to the InstallTrigger object by holding a reference to the `eval()` function from an about:blank window. This could allow them to prompt the user to install an extension, potentially resulting in an unintended or malicious extension being installed due to user confusion. **Recommendations** For Firefox versions prior to 80, update to version 80 or later. For Thunderbird versions prior to 78.2, update to version 78.2 or later. For Thunderbird versions prior to 68.12, update to version 68.12 or later. For Firefox ESR versions prior to 78.2, update to version 78.2 or later. For Firefox ESR versions prior to 68.12, update to version 68.12 or later. For Firefox for Android versions prior to 80, update to version 80 or later.