Thomas Henlich

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 69 Firefox ESR versions prior to 68.1 **Description** The issue is related to the "Forget about this site" feature in the History pane, which is intended to remove all saved user data indicating a site visit, including HTTP Strict Transport Security (HSTS) settings. However, due to a bug, sites on the pre-load list also have their HSTS setting removed. This means that if a user visits such a site using an http: URL instead of a secure https: URL, they will not be protected by the pre-loaded HSTS setting until the site's HSTS setting is restored after the visit. **Recommendations** For Firefox versions prior to 69, update to version 69 or later to resolve the issue. For Firefox ESR versions prior to 68.1, update to version 68.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Thunderbird versions 1.0.5 BETA through 1.0.7 **Description** The issue allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack. This attack bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication, potentially exposing user credentials. **Recommendations** For Mozilla Thunderbird versions 1.0.5 BETA through 1.0.7, consider disabling the SMTP client functionality until a patch is available to prevent potential man-in-the-middle attacks. Restrict access to sensitive information and authentication processes to minimize the risk of exploitation.