Leon Visscher

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 75 **Description** A malicious extension could exploit the issue by calling the `browser.identity.launchWebAuthFlow` function, controlling the `redirect uri`, and obtaining the Auth code through the returned Promise, potentially gaining access to the user's account at the service provider. **Recommendations** For versions prior to 75, update to version 75 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `browser.identity.launchWebAuthFlow` function until a patch is applied.