firefox is vulnerable to cross site scripting. The vulnerability exists due to the system allowing a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection.
bugzilla.mozilla.org/show_bug.cgi?id=1730935
lists.debian.org/debian-lts-announce/2021/12/msg00030.html
lists.debian.org/debian-lts-announce/2022/01/msg00001.html
secdb.alpinelinux.org/edge/community.yaml
security.gentoo.org/glsa/202202-03
security.gentoo.org/glsa/202208-14
www.debian.org/security/2021/dsa-5026
www.debian.org/security/2022/dsa-5034
www.mozilla.org/security/advisories/mfsa2021-48/
www.mozilla.org/security/advisories/mfsa2021-49/
www.mozilla.org/security/advisories/mfsa2021-50/