Paul Stone

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 83 **Description** The issue allows cross-origin iframes with a login form to be recognized and populated by the login autofill service. This could be exploited in clickjacking attacks and also allows data to be read across partitions in dynamic first party isolation. **Recommendations** For versions prior to 83, update to version 83 or later to resolve the issue. As a temporary workaround, consider disabling the login autofill service for cross-origin iframes until a patch is available. Restrict access to sensitive information in login forms to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 69 Thunderbird versions prior to 68.1 Thunderbird versions prior to 60.9 Firefox ESR versions prior to 60.9 Firefox ESR versions prior to 68.1 **Description** A same-origin policy violation occurs, allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element. This is due to an error in how same-origin policy is applied to cached image content, potentially leading to data theft. The issue is related to the inclusion of functionality from an untrusted domain. **Recommendations** For Firefox versions prior to 69, update to version 69 or later. For Thunderbird versions prior to 68.1, update to version 68.1 or later. For Thunderbird versions prior to 60.9, update to version 60.9 or later. For Firefox ESR versions prior to 60.9, update to version 60.9 or later. For Firefox ESR versions prior to 68.1, update to version 68.1 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 64.0.3282.119 Opera (affected versions not specified) **Description** The issue is related to an inappropriate implementation in the autofill feature, allowing a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page. This could potentially affect a significant number of devices worldwide, although the exact number is not specified. **Recommendations** For Google Chrome versions prior to 64.0.3282.119, update to version 64.0.3282.119 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 51 **Description** The issue concerns data sent in multipart channels, such as the multipart/x-mixed-replace MIME type, ignoring the referrer-policy response header. This could lead to potential information disclosure for sites relying on this header. **Recommendations** For versions prior to 51, update to version 51 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 51 **Description** The issue concerns Proxy Auto-Config (PAC) files, which can specify a JavaScript function that is called for all URL requests, potentially exposing more information than would be sent to the proxy itself in the case of HTTPS. Normally, the Proxy Auto-Config file is presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD), this file can be served remotely, introducing a potential risk. **Recommendations** For Firefox versions prior to 51, update to version 51 or later to resolve the issue. As a temporary workaround, consider disabling Web Proxy Auto Detect (WPAD) to minimize the risk of exploitation. Restrict access to remote Proxy Auto-Config files to prevent potential malicious activity.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 4.4.4 Android versions 5.0.x prior to 5.0.2 Android versions 5.1.x prior to 5.1.1 Android versions 6.x before 2016-07-01 **Description** The issue is related to the net/PacProxySelector.java script in the Proxy Auto-Config (PAC) feature, which lacks proper URL information restriction by scheme, host, and port. This can be exploited by a remote attacker to gain access to credentials by operating a server with a PAC script. **Recommendations** For Android versions prior to 4.4.4, update to version 4.4.4 or later. For Android versions 5.0.x prior to 5.0.2, update to version 5.0.2 or later. For Android versions 5.1.x prior to 5.1.1, update to version 5.1.1 or later. For Android versions 6.x before 2016-07-01, update to a version released after 2016-07-01.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3.2 Apple OS X versions prior to 10.11.5 Apple tvOS versions prior to 9.2.1 **Description** The issue is related to the mishandling of URLs in http and https requests by the CFNetwork Proxies subsystem. This allows remote attackers to obtain sensitive information via unspecified vectors. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Apple iOS versions prior to 9.3.2, update to version 9.3.2 or later. For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later. For Apple tvOS versions prior to 9.2.1, update to version 9.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Captive Network Assistant in Apple OS X versions prior to 10.11.5 **Description** The issue exists due to insufficient input validation in the Captive Network Assistant component of Mac OS X. This allows a remote attacker to execute arbitrary code. The exploitation is possible through unspecified vectors, requiring user assistance. **Recommendations** For versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of custom URL schemes in the Captive Network Assistant until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 22.0 Firefox ESR 17.x versions prior to 17.0.7 Thunderbird versions prior to 17.0.7 Thunderbird ESR 17.x versions prior to 17.0.7 **Description** The issue allows remote attackers to read pixel values and possibly bypass the Same Origin Policy by observing timing differences in the execution of filter code in the SVG filter implementation. **Recommendations** For Mozilla Firefox versions prior to 22.0, update to version 22.0 or later. For Firefox ESR 17.x versions prior to 17.0.7, update to version 17.0.7 or later. For Thunderbird versions prior to 17.0.7, update to version 17.0.7 or later. For Thunderbird ESR 17.x versions prior to 17.0.7, update to version 17.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 12.0 Firefox ESR versions 10.x before 10.0.5 Thunderbird versions 5.0 through 12.0 Thunderbird ESR versions 10.x before 10.0.5 SeaMonkey versions prior to 2.10 **Description** The issue allows local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element. This can be demonstrated by a network share implemented by Microsoft Windows or Samba. **Recommendations** For Mozilla Firefox versions 4.x through 12.0, update to a version later than 12.0. For Firefox ESR versions 10.x before 10.0.5, update to version 10.0.5 or later. For Thunderbird versions 5.0 through 12.0, update to a version later than 12.0. For Thunderbird ESR versions 10.x before 10.0.5, update to version 10.0.5 or later. For SeaMonkey versions prior to 2.10, update to version 2.10 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 5.0 Mozilla Thunderbird versions prior to 5.0 **Description** The issue allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader, by not blocking the use of a cross-domain image as a WebGL texture. **Recommendations** For Mozilla Firefox versions prior to 5.0, update to version 5.0 or later to resolve the issue. For Mozilla Thunderbird versions prior to 5.0, update to version 5.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.19 Mozilla Firefox versions 3.6.x prior to 3.6.17 SeaMonkey versions prior to 2.0.14 **Description** The issue is related to the improper implementation of autocompletion for forms, allowing remote attackers to read form history entries. This can be achieved via a Java applet that spoofs interaction with the autocomplete controls. **Recommendations** For Mozilla Firefox versions prior to 3.5.19, update to version 3.5.19 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.17, update to version 3.6.17 or later. For SeaMonkey versions prior to 2.0.14, update to version 2.0.14 or later.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions prior to 9.0.277.0 Adobe Flash Player versions 10.x prior to 10.1.53.64 Adobe AIR versions prior to 2.0.2.12610 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing when used with Firefox or Chrome. **Recommendations** For Adobe Flash Player versions prior to 9.0.277.0, update to version 9.0.277.0 or later. For Adobe Flash Player versions 10.x prior to 10.1.53.64, update to version 10.1.53.64 or later. For Adobe AIR versions prior to 2.0.2.12610, update to version 2.0.2.12610 or later.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows Apple Safari versions prior to 4.1 on Mac OS X 10.4 **Description** A cross-site scripting (XSS) issue allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a paste or drag-and-drop operation for a selection. **Recommendations** For Apple Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0 or later. For Apple Safari versions prior to 4.1 on Mac OS X 10.4, update to version 4.1 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 8 **Description** The issue allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document. This can occur when a user drags one browser window across another. An information disclosure vulnerability also exists, which could allow script to gain access to a browser window in another domain or Internet Explorer zone by constructing a specially crafted Web page. **Recommendations** For Microsoft Internet Explorer versions 6 through 8, consider disabling the ability to drag browser windows across each other as a temporary workaround until a patch is available. Restrict access to sensitive information when viewing web pages from different domains or zones to minimize the risk of information disclosure.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.0.15 Mozilla Firefox versions 3.5.x prior to 3.5.4 **Description** The issue allows remote attackers to read form history by forging mouse and keyboard events. This is achieved by leveraging the auto-fill feature to populate form fields with history entries in an attacker-readable form. **Recommendations** For versions prior to 3.0.15, update to version 3.0.15 or later. For versions 3.5.x prior to 3.5.4, update to version 3.5.4 or later.