If a specific sequence of actions is performed when opening a new tab, the
triggering principal associated with the new tab may have been incorrect.
The triggering principal is used to calculate many values, including the
Referer
and Sec-*
headers, meaning there is the potential for incorrect
security checks within the browser in addition to incorrect or misleading
information sent to remote websites.
This bug only affects Firefox for Android. Other versions of Firefox are
unaffected. This vulnerability affects Firefox < 127.
Notes
Author |
Note |
tyhicks |
mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur |
starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap starting with Ubuntu 24.04, the thunderbird package is just a script that installs the Thunderbird snap |