If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
[
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "< 85"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "< 78.7"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "< 78.7"
}
]
}
]