Rob Wu

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Firefox ESR versions prior to 115.25 Firefox ESR versions prior to 128.12 Description: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser. This UUID persisted between containers and normal/private browsing mode, but not profiles. Recommendations: For Firefox versions prior to 140, update to version 140 or later. For Firefox ESR versions prior to 115.25, update to version 115.25 or later. For Firefox ESR versions prior to 128.12, update to version 128.12 or later.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 133 Firefox ESR versions prior to 128.5 Thunderbird versions prior to 133 Thunderbird versions prior to 128.5 Description: The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw could have caused runtime errors that disrupted the signature validation process, potentially bypassing the enforcement of signature validation for unrelated add-ons. Signature validation is used to ensure that third-party applications have not tampered with the user's extensions. Recommendations: For Firefox versions prior to 133, update to version 133 or later to resolve the issue. For Firefox ESR versions prior to 128.5, update to version 128.5 or later to resolve the issue. For Thunderbird versions prior to 133, update to version 133 or later to resolve the issue. For Thunderbird versions prior to 128.5, update to version 128.5 or later to resolve the issue. As a temporary workaround, consider disabling the `loadManifestFromFile` method until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 129 Firefox ESR versions prior to 115.14 Firefox ESR versions prior to 128.1 Thunderbird versions prior to 128.1 Thunderbird versions prior to 115.14 **Description** The issue is related to insufficient access control, allowing a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This could enable a remote attacker to bypass security restrictions and impact the confidentiality and integrity of protected information. **Recommendations** For Firefox versions prior to 129, update to version 129 or later. For Firefox ESR versions prior to 115.14, update to version 115.14 or later. For Firefox ESR versions prior to 128.1, update to version 128.1 or later. For Thunderbird versions prior to 128.1, update to version 128.1 or later. For Thunderbird versions prior to 115.14, update to version 115.14 or later. As a temporary workaround, consider disabling the use of `StreamFilter` in web extensions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 122 Firefox ESR versions prior to 115.7 Thunderbird versions prior to 115.7 **Description** The issue is related to a malicious devtools extension that could be used to escalate privileges. It is associated with insufficient access control in the DevTools of Mozilla browsers and the Thunderbird email client. Exploitation of this issue may allow a remote attacker to elevate privileges. **Recommendations** For Firefox versions prior to 122, update to version 122 or later to resolve the issue. For Firefox ESR versions prior to 115.7, update to version 115.7 or later to resolve the issue. For Thunderbird versions prior to 115.7, update to version 115.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 111 **Description** The issue is related to errors in handling hyperlinks, which can lead to the translation of a URL to the actual local path when following a redirect to a publicly accessible web extension file. This can result in the leakage of potentially sensitive information. A remote attacker may exploit this issue to gain unauthorized access to protected information. **Recommendations** For versions prior to 111, update to version 111 or later to resolve the issue. As a temporary workaround, consider restricting access to publicly accessible web extension files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 102 **Description** The issue is related to errors in checking downloaded updates, potentially allowing a remote attacker to downgrade the browser version during an update. Specifically, when downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. **Recommendations** For versions prior to 102, update to version 102 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially tampered manifests to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 97 Mozilla Thunderbird versions prior to 91.6 Mozilla Firefox ESR versions prior to 91.6 **Description** The issue is related to the implementation of browser extensions in Mozilla Firefox and Thunderbird, specifically concerning insufficient access control. An attacker could exploit this to bypass introduced security restrictions by circumventing the permission request prompt during extension installation. If a user installed a particular type of extension, it could auto-update and bypass the prompt that grants new permissions to the updated version. **Recommendations** For Mozilla Firefox versions prior to 97, update to version 97 or later to resolve the issue. For Mozilla Thunderbird versions prior to 91.6, update to version 91.6 or later to resolve the issue. For Mozilla Firefox ESR versions prior to 91.6, update to version 91.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 94 **Description** The issue is related to a same-origin-violation in the context of Web Extensions, where a Web Extension could access the post-redirect URL of an element clicked, potentially leaking data it should not have access to. This was due to a lack of the WebRequest permission for the hosts involved in the redirect. The problem has been fixed to provide the pre-redirect URL instead. **Recommendations** For Firefox versions prior to 94, update to version 94 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 78.9 Firefox versions prior to 87 Thunderbird versions prior to 78.9 **Description** A malicious extension could open a popup window lacking an address bar, with a fully controllable title, allowing it to spoof a website and attempt to trick the user into providing credentials. This issue is related to incorrect restriction of visualizable layers or frames in the user interface, which could enable a remote attacker to conduct spoofing attacks. **Recommendations** For Firefox ESR versions prior to 78.9, update to version 78.9 or later. For Firefox versions prior to 87, update to version 87 or later. For Thunderbird versions prior to 78.9, update to version 78.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 85 Firefox ESR versions prior to 78.7 Thunderbird versions prior to 78.7 **Description** The issue is related to the inclusion of features from an untrusted controlled area, allowing a remote attacker to gain unauthorized access to protected information using a specially crafted malicious PDF file. If a user clicks on a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information when said information is served as chunked data. **Recommendations** For Firefox versions prior to 85, update to version 85 or later to resolve the issue. For Firefox ESR versions prior to 78.7, update to version 78.7 or later to resolve the issue. For Thunderbird versions prior to 78.7, update to version 78.7 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the PDF reader in the affected browser versions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 90.0.4430.93 **Description** The issue is related to insufficient policy enforcement in extensions, allowing a remote attacker to impact data integrity by convincing a user to install a malicious extension. This can lead to bypassing navigation restrictions via a crafted Chrome Extension. **Recommendations** For Google Chrome versions prior to 90.0.4430.93, update to version 90.0.4430.93 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to only trusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 78.1 Firefox versions prior to 79 Thunderbird versions prior to 78.1 **Description** The issue is related to a CORS bypass in the implementation of the CORS mechanism in the affected software, potentially leading to the disclosure of cross-origin information. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is associated with the inclusion of features from an untrusted controlled area. **Recommendations** For Firefox ESR versions prior to 78.1, update to version 78.1 or later. For Firefox versions prior to 79, update to version 79 or later. For Thunderbird versions prior to 78.1, update to version 78.1 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 60.3 Firefox versions prior to 63 **Description** The issue is related to a lack of access control in the WebExtensions system for Firefox browsers. It allows a WebExtension to bypass domain restrictions through domain fronting by rewriting the Host: request headers using the `webRequest` API. This could enable access to restricted domains that share a host. **Recommendations** For Firefox ESR versions prior to 60.3, update to version 60.3 or later. For Firefox versions prior to 63, update to version 63 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 60.3 Firefox versions prior to 63 **Description** The issue allows a WebExtension to run content scripts in disallowed contexts following navigation or other events, potentially leading to privilege escalation on sites where content scripts should not be run. This could enable a remote attacker to elevate their privileges. **Recommendations** For Firefox ESR versions prior to 60.3, update to version 60.3 or later. For Firefox versions prior to 63, update to version 63 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 60.3 Firefox versions prior to 63 **Description** A WebExtension can request access to local files without displaying a warning prompt to the user, stating that the extension will "Access your data for all websites". This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. The issue is related to the lack of protection for service data in the WebExtensions system. **Recommendations** For Firefox ESR versions prior to 60.3, update to version 60.3 or later. For Firefox versions prior to 63, update to version 63 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 67.0.3396.62 **Description** The issue is related to insufficient input validation in the chrome.debugger API (DevTools) of Google Chrome, allowing a remote attacker to convince a user to install a malicious extension. This could enable the attacker to execute arbitrary code via a crafted Chrome Extension. **Recommendations** For versions prior to 67.0.3396.62, update to version 67.0.3396.62 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to trusted sources and avoiding the use of the chrome.debugger API until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 66.0.3359.117 Opera (affected versions not specified) **Description** A lack of host validation in DevTools allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server. **Recommendations** For Google Chrome versions prior to 66.0.3359.117, update to version 66.0.3359.117 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 66.0.3359.117 **Description** The issue is related to a bad cast in DevTools in Google Chrome, which allowed an attacker to perform an out of bounds memory read via a crafted Chrome Extension. This could be achieved if the attacker convinced a user to install a malicious extension. The vulnerability affects Google Chrome on various operating systems, including Windows, Linux, Mac, and Chrome OS. **Recommendations** For versions prior to 66.0.3359.117, update to version 66.0.3359.117 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to trusted sources to minimize the risk of exploitation. Avoid using unverified or suspicious extensions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 66.0.3359.117 **Description** The issue is related to the implementation of the Page.downloadBehavior backend in Google Chrome, which unconditionally marked downloaded files as safe, regardless of the file type. This could allow a remote attacker to convince a user to install a malicious extension using a specially crafted HTML page and user interaction, potentially leading to a sandbox escape. **Recommendations** For Google Chrome versions prior to 66.0.3359.117, update to version 66.0.3359.117 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 66.0.3359.117 Opera (affected versions not specified) **Description** The issue is related to a lack of CORS checks after a Service Worker redirects to a cross-origin PDF. This allows a remote attacker to leak limited cross-origin data via a crafted HTML page. **Recommendations** For Google Chrome versions prior to 66.0.3359.117, update to version 66.0.3359.117 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.