Description
Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI.
Mozilla: Use-after-free in nsSHistory.
Mozilla: A popup window could be resized in a way to overlay the address bar with web content.
Mozilla: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11.
Mozilla: Undesired attributes could be set as part of prototype pollution.
Mozilla: An email with a mismatching OpenPGP signature date was accepted as valid.
Mozilla: CSP bypass enabling stylesheet injection.
Mozilla: Unavailable PAC file resulted in OCSP requests being blocked.
Mozilla: Potential integer overflow in ReplaceElementsAt.