CVE-2024-5687

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox for Android versions prior to 127

Description: The issue is related to insufficient access control due to incorrect handling of the Principal object when opening new tabs. This could allow a remote attacker to bypass security restrictions and impact the integrity of protected information. If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may be incorrect, leading to potential incorrect security checks within the browser and incorrect or misleading information sent to remote websites.

Recommendations: For Mozilla Firefox for Android versions prior to 127, update to version 127 or later to resolve the issue. As a temporary workaround, consider restricting the use of new tabs until a patch is available. Avoid using the Referer and Sec-* headers in the affected browser version until the issue is resolved.