Kang Ali

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Thunderbird versions prior to 148 **Description** A spoofing issue exists in the WebAuthn component in Firefox for Android. This issue affects Firefox and Thunderbird. **Recommendations** Update Firefox to version 148 or later. Update Thunderbird to version 148 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 143 Thunderbird versions prior to 143 **Description** The software contains a flaw. **Recommendations** Update Firefox to version 143 or later. Update Thunderbird to version 143 or later.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. Recommendations: For versions prior to 140, update to version 140 or later to resolve the issue. As a temporary workaround, consider being cautious when granting exceptions for websites, especially when accessing them via HTTP, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 133 Firefox ESR versions prior to 128.5 Thunderbird versions prior to 133 Thunderbird versions prior to 128.5 **Description** A flaw in handling fullscreen transitions may have caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions, resulting in a disrupted browsing experience until the browser is restarted. The bug only affects the application when running on macOS, with other operating systems being unaffected. **Recommendations** For Firefox versions prior to 133, update to version 133 or later to resolve the issue. For Firefox ESR versions prior to 128.5, update to version 128.5 or later to resolve the issue. For Thunderbird versions prior to 133, update to version 133 or later to resolve the issue. For Thunderbird versions prior to 128.5, update to version 128.5 or later to resolve the issue. As a temporary workaround, consider restarting the browser to exit fullscreen mode until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 132 Firefox ESR versions prior to 128.4 Thunderbird versions prior to 128.4 Thunderbird versions prior to 132 **Description** The issue is related to a spoofing attack that can bypass authentication. This can be exploited by a remote attacker to impact the integrity of protected information. The vulnerability is caused by a clipboard "paste" button that can persist across tabs, allowing for a spoofing attack. **Recommendations** For Firefox versions prior to 132, update to version 132 or later to resolve the issue. For Firefox ESR versions prior to 128.4, update to version 128.4 or later to resolve the issue. For Thunderbird versions prior to 128.4, update to version 128.4 or later to resolve the issue. For Thunderbird versions prior to 132, update to version 132 or later to resolve the issue. As a temporary workaround, consider disabling the clipboard "paste" button across tabs until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 117.0.5938.62 **Description** The issue is related to an inappropriate implementation in Prompts in Google Chrome, allowing a remote attacker to potentially spoof security UI via a crafted HTML page. This could be exploited by a remote attacker using a specially crafted HTML page. **Recommendations** For versions prior to 117.0.5938.62, update to version 117.0.5938.62 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Intel Unite Client versions prior to 4.2.11 **Description** The issue is related to an uncontrolled search path element in the Intel Unite Client software. This could allow an authenticated user to potentially enable escalation of privilege via local access, resulting in unauthorized access to information. **Recommendations** For versions prior to 4.2.11, update to version 4.2.11 or later to resolve the issue. As a temporary workaround, consider restricting local access to the system until the update is applied.