Tony Paloma

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 52.7 Firefox versions prior to 59 **Description** The issue is related to the "fetch()" API, which under certain circumstances can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header, instead of downloading a copy from the network. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. The vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information. **Recommendations** For Firefox ESR versions prior to 52.7, update to version 52.7 or later. For Firefox versions prior to 59, update to version 59 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 59 Firefox-ESR versions prior to 52.7 **Description** The issue is related to the implementation of WebRTC technology in Mozilla Firefox and Firefox-ESR browsers, specifically concerning the mismatched RTP payload type of sent data packets. This can potentially lead to a crash when packets with a mismatched RTP payload type are sent in WebRTC connections. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For Firefox versions prior to 59, update to version 59 or later to resolve the issue. For Firefox-ESR versions prior to 52.7, update to version 52.7 or later to resolve the issue.