Laurent Bigonville

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 102 Firefox ESR versions prior to 91.11 Thunderbird versions prior to 102 Thunderbird versions prior to 91.11 **Description** The issue is related to incorrect error handling when a PAC file is unavailable. If a PAC URL is set and the server hosting the PAC is not reachable, OCSP requests are blocked, resulting in incorrect error pages being shown. This can be exploited by a remote attacker to set a PAC URL, and if the PAC server is unavailable, OCSP requests are blocked, leading to incorrect error pages. **Recommendations** For Firefox versions prior to 102, update to version 102 or later. For Firefox ESR versions prior to 91.11, update to version 91.11 or later. For Thunderbird versions prior to 102, update to version 102 or later. For Thunderbird versions prior to 91.11, update to version 91.11 or later.