Tjr

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 102 **Description** A security issue exists where a sandboxed iframe with the `allow-top-navigation-by-user-activation` attribute can still process redirect headers to external protocols, potentially prompting the user. **Recommendations** For Firefox versions prior to 102, update to version 102 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 87 Description: The issue allows an attacker to enable the Devtools remote debugging feature unnoticed by the user, potentially by altering specific about:config values, such as those modified by malware running on the user's computer. This could enable a remote attacker, who can make a direct network connection to the victim, to monitor the user's browsing activity and plaintext network traffic. A visual cue has been introduced for Devtools when it has an open network socket to address this issue. Recommendations: For Firefox versions prior to 87, update to version 87 or later to resolve the issue. As a temporary workaround, consider disabling the Devtools remote debugging feature until the update can be applied. Restrict access to the about:config values to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 82.0.3 Firefox ESR versions prior to 78.4.1 Thunderbird versions prior to 78.4.2 **Description** The issue is related to the MCallGetProperty opcode being emitted with unmet assumptions, resulting in an exploitable use-after-free condition. This can lead to accessing already freed memory, which is suitable for creating a working exploit. The problem is associated with the incorrect usage of the MCallGetProperty operation code. **Recommendations** For Firefox versions prior to 82.0.3, update to version 82.0.3 or later. For Firefox ESR versions prior to 78.4.1, update to version 78.4.1 or later. For Thunderbird versions prior to 78.4.2, update to version 78.4.2 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 72.0.1 Firefox ESR versions prior to 68.4.1 Thunderbird versions prior to 68.4.1 **Description** The issue is related to a type confusion vulnerability in the IonMonkey JIT compiler, which could allow a remote attacker to gain access to confidential data, compromise data integrity, and cause a denial of service using a specially crafted web page. There have been targeted attacks in the wild abusing this flaw. The vulnerability can be exploited by tricking users into visiting a malicious site, potentially allowing remote attackers to take complete control over computers. **Recommendations** For Firefox versions prior to 72.0.1, update to version 72.0.1 or later. For Firefox ESR versions prior to 68.4.1, update to version 68.4.1 or later. For Thunderbird versions prior to 68.4.1, update to version 68.4.1 or later. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied.