Tsubasa Iinuma

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.2 Apple OS X versions prior to 10.11.2 **Description** The issue allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL, specifically affecting the CFNetwork HTTPProtocol. **Recommendations** For Apple iOS versions prior to 9.2, update to version 9.2 or later. For Apple OS X versions prior to 10.11.2, update to version 10.11.2 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 43.0 Mozilla Firefox ESR versions prior to 38.5 **Description** The issue allows remote attackers to bypass the Same Origin Policy. This can be achieved via specially crafted data: and view-source: URIs. The vulnerability is related to the lack of protection for service data, which can be exploited by a remote attacker to bypass existing access restriction policies. **Recommendations** For Mozilla Firefox versions prior to 43.0, update to version 43.0 or later. For Mozilla Firefox ESR versions prior to 38.5, update to version 38.5 or later.