This security bulletin contains one low risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper management of internal resources within the application, when processing embedded elements with https/http protocols. When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing.Mitigation
Install update from vendor's website
Firefox ESR: 78.0 - 78.6.1, 68.0 - 68.12.0, 60.0 - 60.9.0
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?