The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird stem from insufficient validation of input data, allowing attackers to forge updates for add-ons.

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to forge updates to extensions by using the X-certificate server from addons.mozilla.org, signed by a...