Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence…

A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. This could have lead to bypassing web security checks. This…

Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren’t accounting for external URLs. Data could then…

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to…

Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability…

Per origin notification permissions were being stored in a way that didn’t take into account what browsing context the permission was granted in. This lead…

When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary…

Due to the Firefox GTK wrapper code’s use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged…

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. Given a…

Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10…