Robwu

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 111 **Description** The issue is related to errors in handling hyperlinks, which can lead to the translation of a URL to the actual local path when following a redirect to a publicly accessible web extension file. This can result in the leakage of potentially sensitive information. A remote attacker may exploit this issue to gain unauthorized access to protected information. **Recommendations** For versions prior to 111, update to version 111 or later to resolve the issue. As a temporary workaround, consider restricting access to publicly accessible web extension files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 64 Description: The issue is related to a bypass of limitations on URIs allowed to WebExtensions by the browser.windows.create API. This can occur when a pipe in the URL field is used within the extension to load multiple pages as a single argument, potentially allowing a malicious WebExtension to open privileged about: or file: locations. This could enable a remote attacker to access confidential data. Recommendations: For Firefox versions prior to 64, update to version 64 or later to resolve the issue. As a temporary workaround, consider restricting the use of the browser.windows.create API within extensions to minimize the risk of exploitation. Avoid using the API to load multiple pages as a single argument until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 50.0.2661.75 Opera (affected versions not specified) **Description** The issue is related to the use of memory after it has been freed, which can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts via a crafted extension. This occurs because the browser does not properly consider that frame removal may happen during callback execution. **Recommendations** For Google Chrome versions prior to 50.0.2661.75, update to version 50.0.2661.75 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 41.0.2272.76 Opera (affected versions not specified) **Description** The issue is related to the DebuggerFunction::InitAgentHost function, which does not properly restrict what URLs are available as debugger targets. This allows remote attackers to bypass intended access restrictions via a crafted extension. The exploitation of this issue enables attackers to circumvent access limitations. **Recommendations** For Google Chrome versions prior to 41.0.2272.76, update to version 41.0.2272.76 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.