Mingi Jung

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 147 Firefox ESR versions prior to 115.32 Firefox ESR versions prior to 140.7 **Description** A mitigation bypass exists in the DOM Security component of Firefox. This issue could allow bypassing security mitigations. **Recommendations** Update Firefox to a version newer than 146. Update Firefox ESR to a version newer than 115.31. Update Firefox ESR to a version newer than 140.6.

**Name of the Vulnerable Software and Affected Versions** Whale browser versions prior to 4.35.351.12 **Description** The Whale browser is susceptible to an iframe sandbox escape in a sidebar environment. An attacker can leverage this to bypass security restrictions imposed by the iframe sandbox. **Recommendations** Update the Whale browser to version 4.35.351.12 or later.

**Name of the Vulnerable Software and Affected Versions** Whale browser versions prior to 4.35.351.12 **Description** A flaw exists in Whale browser that allows an attacker to circumvent the Same-Origin Policy within a sidebar environment. This bypass could potentially allow unauthorized access to data or functionality. **Recommendations** Update Whale browser to version 4.35.351.12 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Whale browser versions prior to 4.32.315.22 Description: The issue allows an attacker to bypass the Same-Origin Policy in a dual-tab environment. This means that an attacker could potentially access or manipulate data from another origin, which is normally restricted by the browser's security policies. Recommendations: For versions prior to 4.32.315.22, update to version 4.32.315.22 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: xdg-utils versions 1.1.0 through 1.2.1 xdg-utils version 1.2.1 Description: The issue concerns xdg-open in xdg-utils, which can send requests containing SameSite=Strict cookies. This can facilitate Cross-Site Request Forgery (CSRF) attacks. The problem is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user or resulted from navigation from content in an untrusted origin. Recommendations: For xdg-utils versions 1.1.0 through 1.2.1, consider modifying xdg-open to associate x-scheme-handler/https with the execution of a browser using command-line options that arrange for an empty cookie store, although this would add substantial complexity and may not be desirable for all users. For xdg-utils version 1.2.1, as a temporary workaround, consider restricting the use of xdg-open to minimize the risk of CSRF attacks until a more suitable solution is available.