Paul Zühlcke

**Name of the Vulnerable Software and Affected Versions** Mozilla Thunderbird versions prior to 91.4.0 Mozilla Firefox ESR versions prior to 91.4.0 Mozilla Firefox versions prior to 95 **Description** The issue is related to the execution of a loop with an unreachable exit condition, potentially allowing a remote attacker to cause a denial of service via an infinite loop error when using the `Location API`. This could lead to severe application hangs and crashes. **Recommendations** For Mozilla Thunderbird versions prior to 91.4.0, update to version 91.4.0 or later. For Mozilla Firefox ESR versions prior to 91.4.0, update to version 91.4.0 or later. For Mozilla Firefox versions prior to 95, update to version 95 or later. As a temporary workaround, consider restricting the use of the `Location API` in loops to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 85 **Description** The issue is related to errors in handling permissions for the WebRTC extension in Mozilla Firefox. It may allow a remote attacker to impact data integrity. When sharing geolocation during an active WebRTC share, Firefox could reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. **Recommendations** For versions prior to 85, update to version 85 or later to resolve the issue. As a temporary workaround, consider avoiding the use of geolocation sharing during active WebRTC shares until the update is applied. Restrict access to WebRTC functionality to minimize the risk of exploitation.