
Llamakko

#26972 of 53,630
9.3 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2016-1452
4.3
2016-03-08
Mozilla · Firefox Esr · CVE-2016-1965
**Name of the Vulnerable Software and Affected Versions**

Mozilla Firefox versions prior to 45.0

Firefox ESR versions 38.x prior to 38.7

**Description**

The issue is related to errors in the implementation of the back button functionality. It can be exploited by a remote attacker to spoof the address bar using the `history.back` method and the `location.protocol` property. This could potentially allow an attacker to deceive users about the actual website they are visiting.

**Recommendations**

For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later.

For Firefox ESR versions 38.x prior to 38.7, update to version 38.7 or later.
PT-2015-2880
5.0
2012-02-17
Mozilla · Firefox Esr · CVE-2015-7214
**Name of the Vulnerable Software and Affected Versions**

Mozilla Firefox versions prior to 43.0

Mozilla Firefox ESR versions prior to 38.5

**Description**

The issue allows remote attackers to bypass the Same Origin Policy. This can be achieved via specially crafted `data:` and `view-source:` URIs. The vulnerability is related to the lack of protection for service data, which can be exploited by a remote attacker to bypass existing access restriction policies.

**Recommendations**

For Mozilla Firefox versions prior to 43.0, update to version 43.0 or later.

For Mozilla Firefox ESR versions prior to 38.5, update to version 38.5 or later.