Pedro Bernardo

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 128 Thunderbird versions prior to 128 **Description** A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This issue is related to the incorrect SameSite attribute in a cookie file, which could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For Firefox versions prior to 128, update to version 128 or later to resolve the issue. For Thunderbird versions prior to 128, update to version 128 or later to resolve the issue. As a temporary workaround, consider restricting access to iframes that could trigger cross-site navigation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WebKitGTK versions prior to the fixed version WPE WebKit versions prior to the fixed version iOS versions prior to 16.6 iPadOS versions prior to 16.6 watchOS versions prior to 9.6 tvOS versions prior to 16.6 macOS Ventura versions prior to 13.5 **Description** A logic issue was addressed with improved restrictions. Processing web content may lead to arbitrary code execution. This issue is caused by a buffer overflow in the web page display modules of WebKitGTK and WPE WebKit. **Recommendations** For WebKitGTK, update to a version that includes the fix for this issue. For WPE WebKit, update to a version that includes the fix for this issue. For iOS, update to version 16.6 or later. For iPadOS, update to version 16.6 or later. For watchOS, update to version 9.6 or later. For tvOS, update to version 16.6 or later. For macOS Ventura, update to version 13.5 or later.