Mark Goodwin

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 46.0 **Description** The issue is related to the Firefox Health Reports feature, which does not properly restrict the origin of events. This makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. The exploitation of this issue can allow a remote attacker to change the sharing settings. **Recommendations** For versions prior to 46.0, update to version 46.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 15.0 **Description** The issue is related to the debugger in the developer-tools subsystem. When remote debugging is disabled, it does not properly restrict access to the remote-debugging service. This allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port. **Recommendations** For versions prior to 15.0, update to version 15.0 or later to resolve the issue. As a temporary workaround, consider disabling the HTTPMonitor extension until a patch is available. Restrict access to the remote-debugging service to minimize the risk of exploitation.