firefox is vulnerable to authentication bypass. The vulnerability exists because certain pages do not have their FeaturePolicy fully initialized which allows an attacker to bypass the leaked device permissions into untrusted sub documents.
git://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-40959
bugzilla.mozilla.org/show_bug.cgi?id=1782211
www.mozilla.org/security/advisories/mfsa2022-40/
www.mozilla.org/security/advisories/mfsa2022-41/
www.mozilla.org/security/advisories/mfsa2022-42/
www.rapid7.com/db/vulnerabilities/mfsa2022-40-cve-2022-40959/