Tom Van Goethem

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 26.3 Apple iOS versions prior to 26.3 Apple iPadOS versions prior to 26.3 Apple macOS Tahoe versions prior to 26.3 Apple visionOS versions prior to 26.3 **Description** A website may be able to track users through Safari web extensions due to improved state management. **Recommendations** Update Apple Safari to version 26.3. Update Apple iOS to version 26.3. Update Apple iPadOS to version 26.3. Update Apple macOS Tahoe to version 26.3. Update Apple visionOS to version 26.3.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.2 iPadOS versions prior to 18.7.2 **Description** A website may be able to exfiltrate image data cross-origin due to improper handling of caches. **Recommendations** Update to iOS version 18.7.2. Update to iPadOS version 18.7.2.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 142 Firefox ESR versions prior to 115.27 Firefox ESR versions prior to 128.14 Firefox ESR versions prior to 140.2 Thunderbird versions prior to 142 Thunderbird versions prior to 128.14 Thunderbird versions prior to 140.2 Description: A same-origin policy bypass exists in the Graphics: Canvas2D component. Recommendations: Update Firefox to version 142 or later. Update Firefox ESR to version 115.27 or later. Update Firefox ESR to version 128.14 or later. Update Firefox ESR to version 140.2 or later. Update Thunderbird to version 142 or later. Update Thunderbird to version 128.14 or later. Update Thunderbird to version 140.2 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 89.0.4389.72 **Description** The issue is related to side-channel information leakage in Network Internals, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This is also associated with errors in cryptographic transformations, which could enable an unauthorized access to protected information. **Recommendations** For versions prior to 89.0.4389.72, update to version 89.0.4389.72 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 90.0.4430.72 Microsoft Edge (affected versions not specified) Description: The issue is related to an inappropriate implementation in storage, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This is due to a poorly implemented security check for standard elements. Exploitation of the issue may allow an attacker to gain unauthorized access to protected information using a specially crafted web page. Recommendations: For Google Chrome versions prior to 90.0.4430.72, update to version 90.0.4430.72 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HTTP/2 protocol (affected versions not specified) **Description** The issue concerns the HTTP/2 protocol, which does not account for the TCP congestion window when determining content length. This oversight allows remote attackers to exploit a web-browser configuration where third-party cookies are sent, making it easier to obtain cleartext data through a "HEIST" attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue concerns the HTTPS protocol and its interaction with web-browser configurations, particularly when third-party cookies are sent. This can be exploited by remote attackers to obtain cleartext data through a "HEIST" attack, which leverages the lack of consideration for the TCP congestion window in providing content length information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.6.1 **Description** The issue arises from improper determination of serialized data in wp-includes/functions.php, allowing remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations. **Recommendations** For versions prior to 3.6.1, update to version 3.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.6.1 **Description** The issue concerns the default configuration, which does not prevent uploads of certain file types, potentially making it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file. This is related to the `get allowed mime types` function in `wp-includes/functions.php`. **Recommendations** For versions prior to 3.6.1, update to version 3.6.1 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to prevent the upload of .swf and .exe files until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.6.1 **Description** The issue allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified `user ID` parameter in the `wp-admin/includes/post.php` file. **Recommendations** For versions prior to 3.6.1, update to version 3.6.1 or later to resolve the issue.