mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

tomcat: Calls to application listeners did not use the appropriate facade object

A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web...