P Umar Farooq

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 130 **Description** The issue is related to the notification announcing the transition to fullscreen mode in Firefox on Android. Multiple prompts and panels from both Firefox and the Android OS could be used to obscure this notification, potentially leading to spoofing of the browser UI if the user is distracted by the sudden appearance of a prompt. The notifications now use the Android Toast feature. This issue only affects Firefox on Android, with other operating systems being unaffected. **Recommendations** For versions prior to 130, update to Firefox version 130 or later to resolve the issue. As a temporary workaround, consider being cautious when multiple prompts appear, ensuring to notice any visual transitions to fullscreen mode. Restricting the use of fullscreen mode until the update can also minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 116 Firefox ESR versions prior to 115.1 Thunderbird versions prior to 115.1 **Description** The issue is related to the handling of appref-ms files, where Firefox did not provide adequate warnings about potential malicious code. This problem only affects Firefox on Windows, with other operating systems being unaffected. The vulnerability can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 116, update to version 116 or later. For Firefox ESR versions prior to 115.1, update to version 115.1 or later. For Thunderbird versions prior to 115.1, update to version 115.1 or later. As a temporary workaround, consider avoiding the use of appref-ms files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 115 Firefox ESR versions prior to 102.13 Thunderbird versions prior to 102.13 **Description** The issue is related to the lack of warning when opening Diagcab files, which may contain malicious code. This could allow an attacker to perform a spoofing attack. **Recommendations** For Firefox versions prior to 115, update to version 115 or later to resolve the issue. For Firefox ESR versions prior to 102.13, update to version 102.13 or later to resolve the issue. For Thunderbird versions prior to 102.13, update to version 102.13 or later to resolve the issue.