Konstantin Preißer

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 127 **Description** The issue is related to the incorrect handling of cookie prefixes such as ` Secure` due to case-sensitive comparison, which should be case-insensitive according to the specification. This could lead to the browser not honoring the behaviors specified by the prefix. The vulnerability may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 127, update to version 127 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Java Runtime Environment (JRE) versions 6 Update 23 and earlier Java Runtime Environment (JRE) versions 5.0 Update 27 and earlier Java Runtime Environment (JRE) versions 1.4.2 29 and earlier **Description** The issue allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number. This is demonstrated using the string `2.2250738585072012e-308`. The `Double.parseDouble` method is the point of concern in this issue. **Recommendations** For Java Runtime Environment (JRE) versions 6 Update 23 and earlier, update to a version that includes the fix for this issue. For Java Runtime Environment (JRE) versions 5.0 Update 27 and earlier, update to a version that includes the fix for this issue. For Java Runtime Environment (JRE) versions 1.4.2 29 and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of the `Double.parseDouble` method with untrusted input until a patch is available.