Code injection

Using the S.browserfallbackurl parameter parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.This issue only affects Firefox for Android. Other operating systems are not affected.. This vulnerability affects Firefox 107...

Security Vulnerabilities fixed in Firefox 107 — Mozilla

Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. Through a series of popup and window.print calls, an...