Yassine Tioual

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 84 Thunderbird versions prior to 78.6 Firefox ESR versions prior to 78.6 **Description** The issue arises when an extension with the proxy permission is registered to receive `all urls`. In such cases, the `proxy.onRequest` callback is not triggered for view-source URLs. Although web content cannot navigate to these URLs, a user who opens View Source could inadvertently leak their IP address. **Recommendations** For Firefox versions prior to 84, update to version 84 or later. For Thunderbird versions prior to 78.6, update to version 78.6 or later. For Firefox ESR versions prior to 78.6, update to version 78.6 or later.