Shared security patch analysis results
AI Used: DEEPSEEK deepseek-chat--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/widget/windows/nsNativeThemeWin.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/widget/windows/nsNativeThemeWin.h@@ -9,33 +9,19 @@ #include <windows.h>-#include "gfxTypes.h" #include "mozilla/Maybe.h" #include "mozilla/TimeStamp.h"-#include "nsAtom.h"-#include "nsCOMPtr.h"-#include "nsITheme.h"-#include "nsNativeBasicTheme.h"-#include "nsNativeTheme.h"-#include "nsSize.h"-#include "nsStyleConsts.h"+#include "Theme.h" #include "nsUXThemeConstants.h" #include "nsUXThemeData.h"-#include "ScrollbarDrawingWin.h" namespace mozilla::widget {-class nsNativeThemeWin : public nsNativeBasicTheme {+class nsNativeThemeWin : public Theme { protected:- using ScrollbarDrawingWin = mozilla::widget::ScrollbarDrawingWin; virtual ~nsNativeThemeWin(); public:- typedef mozilla::TimeStamp TimeStamp;- typedef mozilla::TimeDuration TimeDuration;-- NS_DECL_ISUPPORTS_INHERITED- // Whether we draw a non-native widget. 
// // We always draw scrollbars as non-native so that all of Firefox has@@ -56,11 +42,12 @@ const nsRect& aRect, const nsRect& aDirtyRect, DrawOverflow) override;- bool CreateWebRenderCommandsForWidget(- mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&,- const mozilla::layers::StackingContextHelper&,- mozilla::layers::RenderRootStateManager*, nsIFrame*, StyleAppearance,- const nsRect&) override;+ bool CreateWebRenderCommandsForWidget(wr::DisplayListBuilder&,+ wr::IpcResourceUpdateQueue&,+ const layers::StackingContextHelper&,+ layers::RenderRootStateManager*,+ nsIFrame*, StyleAppearance,+ const nsRect&) override; [[nodiscard]] LayoutDeviceIntMargin GetWidgetBorder( nsDeviceContext* aContext, nsIFrame* aFrame,@@ -76,7 +63,7 @@ NS_IMETHOD GetMinimumWidgetSize(nsPresContext* aPresContext, nsIFrame* aFrame, StyleAppearance aAppearance,- mozilla::LayoutDeviceIntSize* aResult,+ LayoutDeviceIntSize* aResult, bool* aIsOverridable) override; virtual Transparency GetWidgetTransparency(@@ -107,13 +94,10 @@ ThemeGeometryType ThemeGeometryTypeForWidget(nsIFrame*, StyleAppearance) override;- ScrollbarSizes GetScrollbarSizes(nsPresContext*, StyleScrollbarWidth,- Overlay) override;- nsNativeThemeWin(); protected:- mozilla::Maybe<nsUXThemeClass> GetThemeClass(StyleAppearance aAppearance);+ Maybe<nsUXThemeClass> GetThemeClass(StyleAppearance aAppearance); HANDLE GetTheme(StyleAppearance aAppearance); nsresult GetThemePartAndState(nsIFrame* aFrame, StyleAppearance aAppearance, int32_t& aPart, int32_t& aState);@@ -132,15 +116,12 @@ LayoutDeviceIntMargin* aResult); nsresult ClassicGetMinimumWidgetSize(nsIFrame* aFrame, StyleAppearance aAppearance,- mozilla::LayoutDeviceIntSize* aResult,+ LayoutDeviceIntSize* aResult, bool* aIsOverridable); bool ClassicThemeSupportsWidget(nsIFrame* aFrame, StyleAppearance aAppearance); void DrawCheckedRect(HDC hdc, const RECT& rc, int32_t fore, int32_t back, HBRUSH defaultBack);- bool MayDrawCustomScrollbarPart(gfxContext* 
aContext, nsIFrame* aFrame,- StyleAppearance aAppearance,- const nsRect& aRect, const nsRect& aClipRect); uint32_t GetWidgetNativeDrawingFlags(StyleAppearance aAppearance); int32_t StandardGetState(nsIFrame* aFrame, StyleAppearance aAppearance, bool wantFocused);@@ -161,7 +142,7 @@ StyleAppearance aAppearance, int32_t aPart, int32_t aState, THEMESIZE aSizeReq,- mozilla::LayoutDeviceIntSize* aResult);+ LayoutDeviceIntSize* aResult); SIZE GetCachedGutterSize(HANDLE theme);@@ -181,11 +162,11 @@ mBorderCache[eUXNumClasses * THEME_PART_DISTINCT_VALUE_COUNT]; // See the above not for mBorderCache and friends. However- // mozilla::LayoutDeviceIntSize is half the size of nsIntMargin, making the+ // LayoutDeviceIntSize is half the size of nsIntMargin, making the // cache roughly half as large. In total the caches should come to about 18KB. uint8_t mMinimumWidgetSizeCacheValid [(eUXNumClasses * THEME_PART_DISTINCT_VALUE_COUNT + 7) / 8];- mozilla::LayoutDeviceIntSize+ LayoutDeviceIntSize mMinimumWidgetSizeCache[eUXNumClasses * THEME_PART_DISTINCT_VALUE_COUNT]; bool mGutterSizeCacheValid;
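Review bot: The comment block edited by the last hunk (`@@ -181,11 +162,11 @@`) still reads `See the above not for mBorderCache and friends`, where "not" should be "note"; the following line is rewritten by this change anyway, so this is the place to fix it. The same block sizes both `mMinimumWidgetSizeCacheValid` and `mMinimumWidgetSizeCache` from `eUXNumClasses * THEME_PART_DISTINCT_VALUE_COUNT`, but the index computation is outside the hunk, so nothing visible here says what keeps a class/part pair inside that range. A one-line comment such as `// Indexed by class * THEME_PART_DISTINCT_VALUE_COUNT + part; the part must be range-checked before the cache is touched.` would record the invariant, presuming that is how the lookup works. The class body continues beyond the hunk.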
After analyzing the provided code diff, I don't find any clear security vulnerabilities being fixed. The changes appear to be primarily refactoring and code organization improvements rather than security fixes. Here's my analysis: Vulnerability Existed: no No specific security vulnerability found [File] [Lines] The changes are primarily: - Changing base class from nsNativeBasicTheme to Theme - Removing unused includes - Simplifying type declarations (removing mozilla:: namespace qualifiers) - Removing unused methods (MayDrawCustomScrollbarPart, GetScrollbarSizes) - General code cleanup and optimization The changes seem focused on: 1. Reducing code complexity 2. Removing unused functionality 3. Improving maintainability 4. Possibly reducing binary size through removed includes No security-related patterns (like buffer overflow fixes, input validation, or permission checks) were modified in this diff. The changes appear to be part of normal code maintenance rather than security fixes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/mozglue/baseprofiler/public/BaseProfileJSONWriter.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/mozglue/baseprofiler/public/BaseProfileJSONWriter.h@@ -9,6 +9,7 @@ #include "mozilla/HashFunctions.h" #include "mozilla/HashTable.h" #include "mozilla/JSONWriter.h"+#include "mozilla/ProgressLogger.h" #include "mozilla/TimeStamp.h" #include "mozilla/UniquePtr.h"@@ -406,7 +407,7 @@ // Start with a copy of the strings from another list. MFBT_API explicit UniqueJSONStrings(- const UniqueJSONStrings& aOther,+ const UniqueJSONStrings& aOther, ProgressLogger aProgressLogger, JSONWriter::CollectionStyle aStyle = JSONWriter::MultiLineStyle); MFBT_API ~UniqueJSONStrings();
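Review bot: The new `ProgressLogger aProgressLogger` parameter in the second hunk is inserted ahead of the defaulted `aStyle`, yet the comment above the constructor still says only `Start with a copy of the strings from another list.` Nothing documents what the logger is for or that it is taken by value, and any existing caller that passed a `CollectionStyle` positionally as the second argument no longer matches this signature. I would extend the comment, e.g. `// Start with a copy of the strings from another list; aProgressLogger reports progress of the copy.`, assuming that is its role, since the implementation is not in this header. The class declaration starts and ends outside the hunk.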
Let me analyze the code diff for potential security vulnerabilities. 1. Vulnerability Existed: not sure [Potential Missing Progress Logger] [mozglue/baseprofiler/public/BaseProfileJSONWriter.h] [Lines 406-407] [Old Code] MFBT_API explicit UniqueJSONStrings( const UniqueJSONStrings& aOther, JSONWriter::CollectionStyle aStyle = JSONWriter::MultiLineStyle); [Fixed Code] MFBT_API explicit UniqueJSONStrings( const UniqueJSONStrings& aOther, ProgressLogger aProgressLogger, JSONWriter::CollectionStyle aStyle = JSONWriter::MultiLineStyle); Additional Details: The change adds a ProgressLogger parameter to the UniqueJSONStrings constructor. While this doesn't appear to be fixing a specific known vulnerability, it could be related to improving progress tracking or preventing potential issues with long-running operations. Without more context about the ProgressLogger implementation and purpose, I can't definitively say if this fixes a security vulnerability, but it seems more like a feature enhancement or defensive programming improvement. Note: I don't see any obvious security vulnerabilities being fixed in this diff. The change appears to be adding functionality rather than patching a security hole. However, since I don't have full context about the ProgressLogger's purpose, I can't be completely certain.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-fonts/font-face-unicode-range.html
+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-fonts/font-face-unicode-range.html
@@ -3,7 +3,6 @@
 <title>CSS Test: font-face unicode-range</title>
 <link rel="author" title="Intel" href="http://www.intel.com">
 <link rel="help" href="http://www.w3.org/TR/css-fonts-3/#unicode-range-desc">
-<meta name="flags" content="">
 <meta name="assert" content="Check if the font-face unicode-range value impacts the content style">
 <style>
 @font-face {
Analyzing the provided code diff, here's the security analysis: Vulnerability Existed: no [No specific vulnerability found] [testing/web-platform/tests/css/css-fonts/font-face-unicode-range.html] [Lines 3-6] [Old Code] <meta name="flags" content=""> [Fixed Code] [Line removed] Additional Details: - This appears to be a test file modification where an empty meta tag was removed - The "flags" meta tag is typically used for test configuration in W3C tests - No security vulnerability is evident in this change - The modification seems to be a cleanup rather than a security fix No other vulnerabilities were identified in the provided diff. The change appears to be a minor maintenance update rather than a security-related fix.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/neqo-transport/.cargo-checksum.json+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/neqo-transport/.cargo-checksum.json@@ -1 +1 @@-{"files":{"Cargo.toml":"ca4f785b76807f659d7047f26f627a8aa994c98fcd15c4160b436736c7ec2bbe","TODO":"d759cb804b32fa9d96ea8d3574a3c4073da9fe6a0b02b708a0e22cce5a5b4a0f","src/ackrate.rs":"cd288796a35329761f8da8963e83fca3083d08e813ec741e7f3f37c8465a60ce","src/addr_valid.rs":"9042f2b3c4de283d7c7d3b0c828453013173be5b11f025f48a32ba441f6c5c91","src/cc/classic_cc.rs":"47fa9dc840a580fc32fb7d763c92b1b7e401e018822c7df42aa3f0e8be236dcc","src/cc/cubic.rs":"f43449dde372b098bf27d4ccf3d31d8276935bc021343a1478e8a21647b5ba6f","src/cc/mod.rs":"7a7eeecebdbe2ea610c41fe1ae77083070f26158d60c0d32fd49e63302568e73","src/cc/new_reno.rs":"ec8a604abf5de8db738d4d96ebaad24c757a47828af0091fdab4e54d1edf5bc7","src/cc/tests/cubic.rs":"88ed30285c3fb7bfb55ed3ec127210d805982fca9b5882fb3a28f1302567f9fe","src/cc/tests/mod.rs":"1567bf0ddaff5cb679217f2fd65f01e15a302b9b9e68b69f3e617dcaf7b3e5ec","src/cc/tests/new_reno.rs":"6068715ace20d831718a5b5a4e7e1d37f83c02a5b870dc6c2289166407d741db","src/cid.rs":"20118d07d9758fc5d0dcf872531c1febb5bca0276f848b18f94e578362a4c713","src/connection/idle.rs":"f674cf04c925792299d37a25bca0ecc39572410667f1dad908d18efa2562cfec","src/connection/mod.rs":"ae8ef613662677c7f1e7bb81f94e8829e9a901496792cfe8e7973b2d80f588fd","src/connection/params.rs":"f9f7e4f8e608755dc232b5a0d1755c0480f54a07de6cf86cc4f1a1cdc9f9ea1d","src/connection/saved.rs":"f611ab477541262ac7605fa481a92c4b4d3bcd54fff58a4b97f51df86c752563","src/connection/state.rs":"e4505b12784756ee8ad4ed60b3ef75d9e3abaaafd4d6ef1c212544e393c9ed85","src/connection/test_internal.rs":"f3ebfe97b25c9c716d41406066295e5aff4e96a3051ef4e2b5fb258282bbc14c","src/connection/tests/ackrate.rs":"6530705d78fa86eb257195337979e35ce018
6ccbced15ecd3ebbf730ff16f100","src/connection/tests/cc.rs":"c36d724dbc2aeb4d40b89d7e822382e6711db34b0f7226dfc906966730f46610","src/connection/tests/close.rs":"f02522c5a525a24601227904c9f176f884114d7b23a3db04cb38e0694a21672a","src/connection/tests/datagram.rs":"dcf4d9f2b1561f02adccb877a626b8155490b669e5baf6ab166928042e476684","src/connection/tests/fuzzing.rs":"ef96fb5c3af63fbc44da70bdbc73a16234443332ba812282db6da876b07db861","src/connection/tests/handshake.rs":"109b176a425376b4b545bd2a51cc098a6dfc0efa412a33fce8f4a3ae523da1f4","src/connection/tests/idle.rs":"60916e37b7560f29a7ef7eabe8777444d224ebe068e3f5b0d30978958603f5e4","src/connection/tests/keys.rs":"3b8e3212d6e1979aa45ec537005522fa97c420ca741963a84c5a45989701c838","src/connection/tests/migration.rs":"d2b47367fc491bb3b4b9475a628c3546512f9515a4b06ee5b6800ee916a59285","src/connection/tests/mod.rs":"491ca9c6d852afca9e07efac599e0c3f82d3612af81bd0d3fffce492e41547f5","src/connection/tests/priority.rs":"791855027134056ee5a2c19a4713650ae643253ed77a2e7fa4d935bec56bade4","src/connection/tests/recovery.rs":"dba8ba1a558177b72642f42f9e6910b0dc104c0a5fff15df400abbd0bd757aaf","src/connection/tests/resumption.rs":"359a388fe515502dd20b5ebdb5d6f7ff2d85798a14a38e8d97706a4cdf88383e","src/connection/tests/stream.rs":"3716b3b165dc20b87bffcbf91e764f2da8686baae5e518d76aa621ad1e9cf657","src/connection/tests/vn.rs":"9798a278c576b2aaae771c1c4fd49bf49d5af49e1f16ead7d32594574de1b21f","src/connection/tests/zerortt.rs":"4e82c5f2d549b3cf75f311f2ed7825947c55277d9564b36df2de77c18818f9d0","src/crypto.rs":"96d3c7efff803dd98884afb5c02fcaa05e3e98b833ab6009457d8523595580ef","src/dump.rs":"8677ab9e070b0ff8c9c735d5ca44f4e024013bd7e60259947d148e54bb9765a6","src/events.rs":"5373063c64581e9a06cd7aa42b0a84a152ef7441067499183bd9bd253bf1f32a","src/fc.rs":"a90cd52727484901ecbc692525086f4a205f4eafef252cbb991b5b33dcda7014","src/frame.rs":"7ec85c381b97cc912ac1351d3e28cd13913f38b0a408e27440ccb79e3020f60f","src/lib.rs":"145632b252c36ea5c773ca519b88e84743acf82fd0f6d9
4813fb7521e9ddcc58","src/pace.rs":"6c6a67ae4300f0af3670bae76478741348e56d2090245ce6c014fa85f066fe01","src/packet/mod.rs":"56f150dd469de34dd758d3abfc6747f980dbe658975636556ed17f9971276079","src/packet/retry.rs":"52b160481c59739742bd9ad4ec8768c8eeddc0d02bd3596e09a2a3ccfa52d41d","src/path.rs":"233d0c69333b5394da35bd278aab87aec003fb22cae02ad4c71b7141b1c64815","src/qlog.rs":"00f1050e223ee2bd33baf9a07c11bf3e28270a9bdd5cd5b86d2b5231305b4b53","src/quic_datagrams.rs":"81af2be33faa2568406527375afe7f78423673a7dec26f78f03fa496ad40816e","src/recovery.rs":"74fa96c314bcb4a966311c661209374f4410f6be0b43aa3057b96d3b16c02b5b","src/recv_stream.rs":"998b60826b9f396131c180b715b19917152804b64a8064519ca4dabf0fd5cab7","src/rtt.rs":"9a6bde748dbc16f9e2f557a0ebca1df01302a531bafb16db7cdb7b9d29806662","src/send_stream.rs":"61b75d2205c9c1bf2b8e598b77be772a814bf6650fecd8ad5230f85f6ffaa9a6","src/sender.rs":"07f8030e2a341ac0496016d46a06b2b1778f268c8b9abc8ae66c1482fdc72653","src/server.rs":"a63c77ba8c25ad00ca00ac1eeab960ce2345e7f28f4d2d5113317f87b799596f","src/stats.rs":"b11e2e930c7e75d8bbee4461ee5299c4485b86b38d0be0bad6bb9b71f7d9450a","src/stream_id.rs":"dc776de915bfe8af022492b1de7ba9b2105b7825af47c952703937502ca9bc77","src/streams.rs":"01cde80bd0222fd689eda60c02e8c619c5425e4f4adf3c41a1754a3fd61c4558","src/tparams.rs":"f52694c9ca471daf726f310ca1f20100322463f312269dfa2879cc0f53c26eae","src/tracking.rs":"02bc36533bcb5a974d1bfc68b9dab9ea2578cc17e2015f4387e3bea6994a9897","tests/common/mod.rs":"7057030b55fa5f23d71455f2f8206aa9aaff585222db804a748dc8f87db9523b","tests/conn_vectors.rs":"1801e7bd91db40e343efd56b30dc12bbe83048211f3aa6b4c0cca7cf065b1384","tests/connection.rs":"fe9b7069b34fea7f5154e9b1ea3bffb290a4aa9a7c97c30992c51fa7a6ad6673","tests/network.rs":"a986c22da7132ec843a44c4bcb5a7d2726132aa27a47a8ea91634cd88e1b763b","tests/retry.rs":"df797a0f2476a4a457ba1f1576247b8a953d72ee6704a5c64b5c55ec9e3fb02d","tests/server.rs":"496cc3630ec55631fcc87df5023dd3047dceb6d1f4b34cfd842d7ffcf53ec5e1","tests/sim/connect
ion.rs":"4c0e2310d9410f806ff746f86257e174bf326baf237ab6d3bb75c0ce43a36efd","tests/sim/delay.rs":"9efa722adb89e37262369e9f3c67405f0acc8c24997271811e48df9e856e5a8d","tests/sim/drop.rs":"bd89e5c71cdd1b27cd755faaedd87d5feadf2f424df721a7df41a51bcebcbb58","tests/sim/mod.rs":"9a930682cf92e7279bccdd2145f19ff17f5aa950994e7b3e25749651511c2753","tests/sim/net.rs":"597f4d37bc26c3d82eeeaa6d14dd03bc2be3930686df2b293748b43c07c497d7","tests/sim/rng.rs":"2c90b0bbaf0c952ebee232deb3594f7a86af387737b15474de3e97ee6b623d90","tests/sim/taildrop.rs":"5c505d150f0071e8cc2d540b3a817a6942fdf13df32f1fbc6822952f2e146176"},"package":null}+{"files":{"Cargo.toml":"be1745da7dd56753304b8e2baceaada83273b7d9b78715086e2e92374ced1dfe","TODO":"d759cb804b32fa9d96ea8d3574a3c4073da9fe6a0b02b708a0e22cce5a5b4a0f","src/ackrate.rs":"cd288796a35329761f8da8963e83fca3083d08e813ec741e7f3f37c8465a60ce","src/addr_valid.rs":"76f49f542c2088c14b5334c965684c5db3f06fff5160fa4b1f1d9579eac8a350","src/cc/classic_cc.rs":"47fa9dc840a580fc32fb7d763c92b1b7e401e018822c7df42aa3f0e8be236dcc","src/cc/cubic.rs":"6da1b24f5253ee05f66efd8c7ee4ceeb0922c219982db1ebeb7a955180e395ee","src/cc/mod.rs":"7a7eeecebdbe2ea610c41fe1ae77083070f26158d60c0d32fd49e63302568e73","src/cc/new_reno.rs":"f4c93ccb5a132eafcff5f358b80efda31ab1aa5667c79b351d4cadefc33bbb7f","src/cc/tests/cubic.rs":"88ed30285c3fb7bfb55ed3ec127210d805982fca9b5882fb3a28f1302567f9fe","src/cc/tests/mod.rs":"1567bf0ddaff5cb679217f2fd65f01e15a302b9b9e68b69f3e617dcaf7b3e5ec","src/cc/tests/new_reno.rs":"6068715ace20d831718a5b5a4e7e1d37f83c02a5b870dc6c2289166407d741db","src/cid.rs":"33e9fc324db59f0165e98182d83d085187ade0b455756d3c604cfd6922220b27","src/connection/idle.rs":"f674cf04c925792299d37a25bca0ecc39572410667f1dad908d18efa2562cfec","src/connection/mod.rs":"3d23d875028effc36e38b0aaf6d548d489088e408780aac9930f52bc47459296","src/connection/params.rs":"a510a2d9b09ab9d71d7e4a55f71751eaa993ddf95f00b1138d25fe5d0110bd61","src/connection/saved.rs":"f611ab477541262ac7605fa481a92c4b4d3bcd54fff58
a4b97f51df86c752563","src/connection/state.rs":"e4505b12784756ee8ad4ed60b3ef75d9e3abaaafd4d6ef1c212544e393c9ed85","src/connection/test_internal.rs":"f3ebfe97b25c9c716d41406066295e5aff4e96a3051ef4e2b5fb258282bbc14c","src/connection/tests/ackrate.rs":"6530705d78fa86eb257195337979e35ce0186ccbced15ecd3ebbf730ff16f100","src/connection/tests/cc.rs":"c36d724dbc2aeb4d40b89d7e822382e6711db34b0f7226dfc906966730f46610","src/connection/tests/close.rs":"f02522c5a525a24601227904c9f176f884114d7b23a3db04cb38e0694a21672a","src/connection/tests/datagram.rs":"dcf4d9f2b1561f02adccb877a626b8155490b669e5baf6ab166928042e476684","src/connection/tests/fuzzing.rs":"ef96fb5c3af63fbc44da70bdbc73a16234443332ba812282db6da876b07db861","src/connection/tests/handshake.rs":"ae3e420a4f5a418be5adf00c95fa96e843812ece6aa0068276b2fc5fa00eb477","src/connection/tests/idle.rs":"60916e37b7560f29a7ef7eabe8777444d224ebe068e3f5b0d30978958603f5e4","src/connection/tests/keys.rs":"3b8e3212d6e1979aa45ec537005522fa97c420ca741963a84c5a45989701c838","src/connection/tests/migration.rs":"d2b47367fc491bb3b4b9475a628c3546512f9515a4b06ee5b6800ee916a59285","src/connection/tests/mod.rs":"491ca9c6d852afca9e07efac599e0c3f82d3612af81bd0d3fffce492e41547f5","src/connection/tests/priority.rs":"791855027134056ee5a2c19a4713650ae643253ed77a2e7fa4d935bec56bade4","src/connection/tests/recovery.rs":"0e8ad02b8262405d86300a96b657cafea60fce3d169980d60633ea0fe47b0bb1","src/connection/tests/resumption.rs":"359a388fe515502dd20b5ebdb5d6f7ff2d85798a14a38e8d97706a4cdf88383e","src/connection/tests/stream.rs":"f6ae8524d611f78cc1ee80c314953120ff15cfce63291d7ee11856b79d69a7fb","src/connection/tests/vn.rs":"9798a278c576b2aaae771c1c4fd49bf49d5af49e1f16ead7d32594574de1b21f","src/connection/tests/zerortt.rs":"4e82c5f2d549b3cf75f311f2ed7825947c55277d9564b36df2de77c18818f9d0","src/crypto.rs":"96d3c7efff803dd98884afb5c02fcaa05e3e98b833ab6009457d8523595580ef","src/dump.rs":"8677ab9e070b0ff8c9c735d5ca44f4e024013bd7e60259947d148e54bb9765a6","src/events.rs":"5
373063c64581e9a06cd7aa42b0a84a152ef7441067499183bd9bd253bf1f32a","src/fc.rs":"a90cd52727484901ecbc692525086f4a205f4eafef252cbb991b5b33dcda7014","src/frame.rs":"7ec85c381b97cc912ac1351d3e28cd13913f38b0a408e27440ccb79e3020f60f","src/lib.rs":"145632b252c36ea5c773ca519b88e84743acf82fd0f6d94813fb7521e9ddcc58","src/pace.rs":"6c6a67ae4300f0af3670bae76478741348e56d2090245ce6c014fa85f066fe01","src/packet/mod.rs":"56f150dd469de34dd758d3abfc6747f980dbe658975636556ed17f9971276079","src/packet/retry.rs":"52b160481c59739742bd9ad4ec8768c8eeddc0d02bd3596e09a2a3ccfa52d41d","src/path.rs":"233d0c69333b5394da35bd278aab87aec003fb22cae02ad4c71b7141b1c64815","src/qlog.rs":"00f1050e223ee2bd33baf9a07c11bf3e28270a9bdd5cd5b86d2b5231305b4b53","src/quic_datagrams.rs":"81af2be33faa2568406527375afe7f78423673a7dec26f78f03fa496ad40816e","src/recovery.rs":"f3e739555baaa5bfb06c064c54723c18bca2d6c1bfc4bc30cdbe9dab22670cf0","src/recv_stream.rs":"998b60826b9f396131c180b715b19917152804b64a8064519ca4dabf0fd5cab7","src/rtt.rs":"688bccee574b9782399882c6a9e34058d75f2ac7c31008bcd1f36fed12676299","src/send_stream.rs":"61b75d2205c9c1bf2b8e598b77be772a814bf6650fecd8ad5230f85f6ffaa9a6","src/sender.rs":"07f8030e2a341ac0496016d46a06b2b1778f268c8b9abc8ae66c1482fdc72653","src/server.rs":"847e901dd87117f0304052fc0feb67f2a8e67694f26f1d5a85f9ee0342f672b7","src/stats.rs":"b11e2e930c7e75d8bbee4461ee5299c4485b86b38d0be0bad6bb9b71f7d9450a","src/stream_id.rs":"dc776de915bfe8af022492b1de7ba9b2105b7825af47c952703937502ca9bc77","src/streams.rs":"c1ec5c68e79e62c0d5c0f1e74e533272f78cfc7ec62355384c11f23b28476cb6","src/tparams.rs":"f52694c9ca471daf726f310ca1f20100322463f312269dfa2879cc0f53c26eae","src/tracking.rs":"02bc36533bcb5a974d1bfc68b9dab9ea2578cc17e2015f4387e3bea6994a9897","tests/common/mod.rs":"7057030b55fa5f23d71455f2f8206aa9aaff585222db804a748dc8f87db9523b","tests/conn_vectors.rs":"1801e7bd91db40e343efd56b30dc12bbe83048211f3aa6b4c0cca7cf065b1384","tests/connection.rs":"fe9b7069b34fea7f5154e9b1ea3bffb290a4aa9a7c97c30992c51
fa7a6ad6673","tests/network.rs":"a986c22da7132ec843a44c4bcb5a7d2726132aa27a47a8ea91634cd88e1b763b","tests/retry.rs":"df797a0f2476a4a457ba1f1576247b8a953d72ee6704a5c64b5c55ec9e3fb02d","tests/server.rs":"496cc3630ec55631fcc87df5023dd3047dceb6d1f4b34cfd842d7ffcf53ec5e1","tests/sim/connection.rs":"4c0e2310d9410f806ff746f86257e174bf326baf237ab6d3bb75c0ce43a36efd","tests/sim/delay.rs":"9efa722adb89e37262369e9f3c67405f0acc8c24997271811e48df9e856e5a8d","tests/sim/drop.rs":"bd89e5c71cdd1b27cd755faaedd87d5feadf2f424df721a7df41a51bcebcbb58","tests/sim/mod.rs":"9a930682cf92e7279bccdd2145f19ff17f5aa950994e7b3e25749651511c2753","tests/sim/net.rs":"597f4d37bc26c3d82eeeaa6d14dd03bc2be3930686df2b293748b43c07c497d7","tests/sim/rng.rs":"2c90b0bbaf0c952ebee232deb3594f7a86af387737b15474de3e97ee6b623d90","tests/sim/taildrop.rs":"5c505d150f0071e8cc2d540b3a817a6942fdf13df32f1fbc6822952f2e146176"},"package":null}=========testing/web-platform/tests/css/compositing/mix-blend-mode/mix-blend-mode-stacking-context-001.html========--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/compositing/mix-blend-mode/mix-blend-mode-stacking-context-001.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/compositing/mix-blend-mode/mix-blend-mode-stacking-context-001.html@@ -7,7 +7,6 @@ <link rel="reviewer" title="Mihai Balan" href="mailto:[email protected]"> <link rel="reviewer" title="Rik Cabanier" href="mailto:[email protected]"> <link rel="help" href="https://drafts.fxtf.org/compositing-1/#mix-blend-mode">- <meta name="flags" content=""> <meta name="assert" content="Test checks that the element with mix-blend-mode and opacity blends with the parent element"> <link rel="match" href="reference/mix-blend-mode-stacking-context-001-ref.html"> <style>
Based on the provided diff, I'll analyze the security fixes. The diff shows changes to checksum values for multiple files in the neqo-transport crate, but doesn't show the actual code changes. Here's my analysis: 1. For the first part (neqo-transport changes): Vulnerability Existed: not sure [No specific vulnerability can be identified from checksum changes alone] [third_party/rust/neqo-transport/.cargo-checksum.json] [Multiple files] [Old checksums] [New checksums] Note: Checksum changes indicate code modifications but don't reveal security fixes without seeing actual code changes. 2. For the second part (web-platform test change): Vulnerability Existed: no [Removal of flags metadata] [testing/web-platform/tests/css/compositing/mix-blend-mode/mix-blend-mode-stacking-context-001.html] [Line 7] [<meta name="flags" content="">] [Removed line] Note: This appears to be a test metadata cleanup rather than a security fix. Without seeing the actual code changes in the modified files (only checksums are shown), it's impossible to determine specific security vulnerabilities that were fixed. The checksum changes could represent security fixes, but could also be feature additions, bug fixes, or other changes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/devtools/client/debugger/src/components/Editor/HighlightLines.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/devtools/client/debugger/src/components/Editor/HighlightLines.js@@ -3,7 +3,6 @@ * file, You can obtain one at <http://mozilla.org/MPL/2.0/>. */ import { Component } from "react";-import { isEmpty } from "lodash"; import { connect } from "../../utils/connect"; import { getHighlightedLineRange } from "../../selectors";@@ -29,7 +28,7 @@ const { codeMirror } = editor;- if (isEmpty(highlightedLineRange) || !codeMirror) {+ if (!highlightedLineRange || !codeMirror) { return; }@@ -46,7 +45,7 @@ const { codeMirror } = editor;- if (isEmpty(highlightedLineRange) || !codeMirror) {+ if (!highlightedLineRange || !codeMirror) { return; }
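Review bot: Replacing `isEmpty(highlightedLineRange)` with `!highlightedLineRange` in the second and third hunks changes what the guard rejects: lodash's `isEmpty` is true for `{}` as well as for `null`/`undefined`, while `!{}` is false. If `getHighlightedLineRange` can still return an empty object (the selector is not part of this diff), both methods now continue past the early return with a range that has no fields. Either state the selector's contract in a comment next to the guard, or keep the empty-object case covered without lodash: `if (!highlightedLineRange || !Object.keys(highlightedLineRange).length || !codeMirror) {`. Both enclosing methods start and end outside the hunks.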
Here's the analysis of the provided code diff following the specified format: 1. Vulnerability Existed: not sure [Potential Unnecessary Dependency] [devtools/client/debugger/src/components/Editor/HighlightLines.js] [Lines: -3] [Old Code] `import { isEmpty } from "lodash";` [Fixed Code] (Removed line) Additional Details: While not a direct security vulnerability, removing unnecessary dependencies reduces potential attack surface and maintenance burden. 2. Vulnerability Existed: not sure [Potential Null/Undefined Check Improvement] [devtools/client/debugger/src/components/Editor/HighlightLines.js] [Lines: 29, 46] [Old Code] `if (isEmpty(highlightedLineRange) || !codeMirror) {` [Fixed Code] `if (!highlightedLineRange || !codeMirror) {` Additional Details: The change from `isEmpty()` to a simple truthiness check might indicate more robust handling of edge cases, but it's not clearly a security fix. Note: The changes appear to be more about code cleanup and simplification rather than addressing specific security vulnerabilities. The removal of lodash's `isEmpty()` might slightly improve performance and reduce bundle size, but doesn't directly relate to a security fix. The truthiness check change might handle some edge cases better, but without more context about how `highlightedLineRange` is used, it's hard to determine if this was a security-related change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/darling_core/src/from_variant.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/darling_core/src/from_variant.rs@@ -1,6 +1,6 @@-use syn::{self, Variant};+use syn::Variant;-use Result;+use crate::Result; /// Creates an instance from a specified `syn::Variant`. pub trait FromVariant: Sized {
Analyzing the provided code diff: 1. Vulnerability Existed: no No specific vulnerability [third_party/rust/darling_core/src/from_variant.rs] [Lines 1-4] Old Code: ```rust use syn::{self, Variant}; use Result; ``` Fixed Code: ```rust use syn::Variant; use crate::Result; ``` Additional details: - The changes are purely stylistic/import-related improvements - The diff shows: 1. Removal of redundant `self` in syn import 2. Making the Result import absolute with `crate::` prefix - These changes don't appear to address any security vulnerabilities - The modifications are more about code organization and clarity than security fixes
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-ui/outline-022.html
+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-ui/outline-022.html
@@ -3,7 +3,6 @@
 <link rel="author" href="mailto:[email protected]">
 <link rel="help" href="https://drafts.csswg.org/css-ui/#outline-props">
 <link rel="match" href="../reference/ref-filled-green-100px-square-only.html">
-<meta name="flags" content="">
 <link rel="stylesheet" type="text/css" href="/fonts/ahem.css" />
 <style>
 body {
Based on the provided code diff, here's the analysis: Vulnerability Existed: no No specific vulnerability found [File] testing/web-platform/tests/css/css-ui/outline-022.html [Lines] 3 [Old Code] <meta name="flags" content=""> [Fixed Code] (removed line) Additional Details: The change simply removes an empty meta tag for "flags" which doesn't appear to be security-related. This seems to be a test file cleanup rather than a security fix. No known vulnerability patterns are present in this change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/base/nsFrameLoader.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/base/nsFrameLoader.cpp@@ -2676,6 +2676,8 @@ specIgnoringRef.EqualsLiteral( "chrome://mozapps/content/extensions/aboutaddons.html") || #ifdef MOZ_THUNDERBIRD+ specIgnoringRef.EqualsLiteral("about:3pane") ||+ specIgnoringRef.EqualsLiteral("about:message") || specIgnoringRef.EqualsLiteral("about:preferences") || #endif specIgnoringRef.EqualsLiteral(@@ -2852,26 +2854,6 @@ mozilla::layers::LayersId nsFrameLoader::GetLayersId() const { MOZ_ASSERT(mIsRemoteFrame); return mRemoteBrowser->GetLayersId();-}--void nsFrameLoader::ActivateRemoteFrame(ErrorResult& aRv) {- auto* browserParent = GetBrowserParent();- if (!browserParent) {- aRv.Throw(NS_ERROR_UNEXPECTED);- return;- }-- browserParent->Activate(nsFocusManager::GenerateFocusActionId());-}--void nsFrameLoader::DeactivateRemoteFrame(ErrorResult& aRv) {- auto* browserParent = GetBrowserParent();- if (!browserParent) {- aRv.Throw(NS_ERROR_UNEXPECTED);- return;- }-- browserParent->Deactivate(false, nsFocusManager::GenerateFocusActionId()); } void nsFrameLoader::ActivateFrameEvent(const nsAString& aType, bool aCapture,
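Review bot: The first hunk adds `about:3pane` and `about:message` to a chain of exact-match `specIgnoringRef.EqualsLiteral(...)` tests under `MOZ_THUNDERBIRD`, with no comment saying why these two documents qualify. What the condition gates is outside the hunk, but it reads as an allowlist of specific chrome/about documents, so each new entry widens whatever that list permits; `about:message` is presumably the document that hosts message content, which makes the reasoning worth recording next to it. I would add something like `// Thunderbird: these mail documents need the same treatment as about:preferences (bug <BUG-ID>).` above the new lines. The enclosing function starts and ends outside the hunk.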
Analyzing the provided code diff for security fixes: 1. First change (adding "about:3pane" and "about:message" checks): Vulnerability Existed: not sure No specific vulnerability name identified [File] dom/base/nsFrameLoader.cpp [Lines 2676-2679] [Old Code] specIgnoringRef.EqualsLiteral("about:preferences") || [Fixed Code] specIgnoringRef.EqualsLiteral("about:3pane") || specIgnoringRef.EqualsLiteral("about:message") || specIgnoringRef.EqualsLiteral("about:preferences") || Note: This appears to be adding additional URL checks, possibly for security purposes, but without more context it's unclear if this fixes a specific vulnerability. 2. Second change (removing ActivateRemoteFrame and DeactivateRemoteFrame methods): Vulnerability Existed: yes Potential Privilege Escalation or Remote Code Execution [File] dom/base/nsFrameLoader.cpp [Lines 2852-2868] [Old Code] void nsFrameLoader::ActivateRemoteFrame(ErrorResult& aRv) { auto* browserParent = GetBrowserParent(); if (!browserParent) { aRv.Throw(NS_ERROR_UNEXPECTED); return; } browserParent->Activate(nsFocusManager::GenerateFocusActionId()); } void nsFrameLoader::DeactivateRemoteFrame(ErrorResult& aRv) { auto* browserParent = GetBrowserParent(); if (!browserParent) { aRv.Throw(NS_ERROR_UNEXPECTED); return; } browserParent->Deactivate(false, nsFocusManager::GenerateFocusActionId()); } [Fixed Code] [Methods completely removed] Note: The removal of these frame activation/deactivation methods suggests they might have been vulnerable to privilege escalation or remote code execution attacks, though without more context the exact vulnerability isn't clear. The removal indicates these methods were potentially unsafe. The most significant security fix appears to be the complete removal of the remote frame activation/deactivation methods, which likely addressed a serious security concern. The URL check additions may also be security-related but are less clearly tied to a specific vulnerability.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/drawing-rectangles-to-the-canvas/2d.strokeRect.zero.1.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/drawing-rectangles-to-the-canvas/2d.strokeRect.zero.1.html@@ -17,13 +17,13 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.strokeStyle = '#f00'; ctx.lineWidth = 250; ctx.strokeRect(50, 25, 0, 0);-_assertPixel(offscreenCanvas, 50,25, 0,0,0,0, "50,25", "0,0,0,0");+_assertPixel(canvas, 50,25, 0,0,0,0, "50,25", "0,0,0,0"); t.done(); });
Here is the analysis of the provided code diff: 1. Vulnerability Existed: no No specific vulnerability found [File] testing/web-platform/tests/html/canvas/offscreen/drawing-rectangles-to-the-canvas/2d.strokeRect.zero.1.html [Lines] 17-25 [Old Code] ```javascript var offscreenCanvas = new OffscreenCanvas(100, 50); var ctx = offscreenCanvas.getContext('2d'); ctx.strokeStyle = '#f00'; ctx.lineWidth = 250; ctx.strokeRect(50, 25, 0, 0); _assertPixel(offscreenCanvas, 50,25, 0,0,0,0, "50,25", "0,0,0,0"); ``` [Fixed Code] ```javascript var canvas = new OffscreenCanvas(100, 50); var ctx = canvas.getContext('2d'); ctx.strokeStyle = '#f00'; ctx.lineWidth = 250; ctx.strokeRect(50, 25, 0, 0); _assertPixel(canvas, 50,25, 0,0,0,0, "50,25", "0,0,0,0"); ``` [Additional Details] The changes appear to be a simple variable rename (`offscreenCanvas` to `canvas`) with no security implications. The functionality remains the same, and there is no indication of a security vulnerability being fixed. No other vulnerabilities were identified in the provided diff. The changes seem to be purely cosmetic/refactoring in nature.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.pattern.paint.repeaty.basic.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.pattern.paint.repeaty.basic.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#0f0'; ctx.fillRect(0, 0, 100, 50);@@ -38,10 +38,10 @@ var pattern = ctx.createPattern(bitmap, 'repeat-y'); ctx.fillStyle = pattern; ctx.fillRect(0, 0, 100, 50);- _assertPixel(offscreenCanvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");- _assertPixel(offscreenCanvas, 98,1, 0,255,0,255, "98,1", "0,255,0,255");- _assertPixel(offscreenCanvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255");- _assertPixel(offscreenCanvas, 98,48, 0,255,0,255, "98,48", "0,255,0,255");+ _assertPixel(canvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");+ _assertPixel(canvas, 98,1, 0,255,0,255, "98,1", "0,255,0,255");+ _assertPixel(canvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255");+ _assertPixel(canvas, 98,48, 0,255,0,255, "98,48", "0,255,0,255"); }, t_fail); }).then(t_pass, t_fail);
Analyzing the provided code diff, here's the security assessment: 1. Vulnerability Existed: no Variable Renaming [File] [Lines 17-18, 38-41] Old Code: var offscreenCanvas = new OffscreenCanvas(100, 50); var ctx = offscreenCanvas.getContext('2d'); _assertPixel(offscreenCanvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255"); _assertPixel(offscreenCanvas, 98,1, 0,255,0,255, "98,1", "0,255,0,255"); _assertPixel(offscreenCanvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255"); _assertPixel(offscreenCanvas, 98,48, 0,255,0,255, "98,48", "0,255,0,255"); Fixed Code: var canvas = new OffscreenCanvas(100, 50); var ctx = canvas.getContext('2d'); _assertPixel(canvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255"); _assertPixel(canvas, 98,1, 0,255,0,255, "98,1", "0,255,0,255"); _assertPixel(canvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255"); _assertPixel(canvas, 98,48, 0,255,0,255, "98,48", "0,255,0,255"); Additional Details: The changes appear to be purely cosmetic, renaming the variable 'offscreenCanvas' to 'canvas' for consistency or clarity. There are no security-related changes in this diff. The functionality remains identical, just with a different variable name. No security vulnerabilities were addressed or introduced by these changes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/streams/resources/test-utils.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/streams/resources/test-utils.js@@ -47,8 +47,11 @@ 'constructor should throw a TypeError')); };-self.garbageCollect = () => {- if (self.gc) {+self.garbageCollect = async () => {+ if (self.TestUtils?.gc) {+ // https://testutils.spec.whatwg.org/#the-testutils-namespace+ await TestUtils.gc();+ } else if (self.gc) { // Use --expose_gc for V8 (and Node.js) // to pass this flag at chrome launch use: --js-flags="--expose-gc" // Exposed in SpiderMonkey shell as well@@ -72,3 +75,14 @@ // Some tests include promise resolutions which may mean the test code takes a couple of event loop visits itself. So go // around an extra 2 times to avoid complicating those tests. self.flushAsyncEvents = () => delay(0).then(() => delay(0)).then(() => delay(0)).then(() => delay(0));++self.assert_typed_array_equals = (actual, expected, message) => {+ const prefix = message === undefined ? '' : `${message} `;+ assert_equals(typeof actual, 'object', `${prefix}type is object`);+ assert_equals(actual.constructor, expected.constructor, `${prefix}constructor`);+ assert_equals(actual.byteOffset, expected.byteOffset, `${prefix}byteOffset`);+ assert_equals(actual.byteLength, expected.byteLength, `${prefix}byteLength`);+ assert_equals(actual.buffer.byteLength, expected.buffer.byteLength, `${prefix}buffer.byteLength`);+ assert_array_equals([...actual], [...expected], `${prefix}contents`);+ assert_array_equals([...new Uint8Array(actual.buffer)], [...new Uint8Array(expected.buffer)], `${prefix}buffer contents`);+};
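Review bot: `self.garbageCollect` now returns a promise, and on the `TestUtils.gc()` path the collection has not run when the call returns, so a caller that still writes `garbageCollect()` without `await` carries on before GC has happened. The callers are not in the hunk and need checking. The contract should be stated on the function itself: `// Returns a promise; callers must await it because TestUtils.gc() is asynchronous.` The function body continues past the end of the hunk.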
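Review bot: In the new `assert_typed_array_equals`, the first check `assert_equals(typeof actual, 'object', ...)` also passes for `null`, so a null `actual` gets through and the next line throws a TypeError on `actual.constructor` instead of reporting a readable assertion message. Adding `assert_not_equals(actual, null, prefix + 'is not null');` right after the typeof check keeps that failure inside the harness. A one-line comment above the helper saying that it compares the view (`byteOffset`, `byteLength`, contents) and also the whole backing buffer would help, since the last assertion is stricter than the name suggests.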
Here's the analysis of the provided code diff for security fixes: 1. Vulnerability Existed: no Improved Garbage Collection Handling [File] [Lines 47-56] [Old Code] self.garbageCollect = () => { if (self.gc) { self.gc(); } else { console.warn('Tests are running without the ability to do manual garbage collection. ' + 'Use --expose-gc with V8 and Node.js, or test in the SpiderMonkey shell for precise GC.'); } }; [Fixed Code] self.garbageCollect = async () => { if (self.TestUtils?.gc) { await TestUtils.gc(); } else if (self.gc) { self.gc(); } else { console.warn('Tests are running without the ability to do manual garbage collection. ' + 'Use --expose-gc with V8 and Node.js, or test in the SpiderMonkey shell for precise GC.'); } }; 2. Vulnerability Existed: no Added Typed Array Assertion Utility [File] [Lines 72-83] [Old Code] (no previous code existed for this function) [Fixed Code] self.assert_typed_array_equals = (actual, expected, message) => { const prefix = message === undefined ? '' : `${message} `; assert_equals(typeof actual, 'object', `${prefix}type is object`); assert_equals(actual.constructor, expected.constructor, `${prefix}constructor`); assert_equals(actual.byteOffset, expected.byteOffset, `${prefix}byteOffset`); assert_equals(actual.byteLength, expected.byteLength, `${prefix}byteLength`); assert_equals(actual.buffer.byteLength, expected.buffer.byteLength, `${prefix}buffer.byteLength`); assert_array_equals([...actual], [...expected], `${prefix}contents`); assert_array_equals([...new Uint8Array(actual.buffer)], [...new Uint8Array(expected.buffer)], `${prefix}buffer contents`); }; The changes appear to be improvements and additions to test utilities rather than security fixes. The modifications: 1. Enhanced the garbage collection utility to support TestUtils.gc() as a preferred method while maintaining backward compatibility 2. Added a new utility function for comparing typed arrays in tests No security vulnerabilities were identified in these changes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/browser/components/downloads/content/contentAreaDownloadsView.css+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/browser/components/downloads/content/contentAreaDownloadsView.css@@ -2,7 +2,7 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */-#downloadsRichListBox:not(:empty) + #downloadsListEmptyDescription,-#downloadsRichListBox:empty {+#downloadsListBox:not(:empty) + #downloadsListEmptyDescription,+#downloadsListBox:empty { display: none; }
Analysis of the provided code diff: 1. Vulnerability Existed: no No specific vulnerability found [File] [Lines 2-7] [Old Code] #downloadsRichListBox:not(:empty) + #downloadsListEmptyDescription, #downloadsRichListBox:empty { [Fixed Code] #downloadsListBox:not(:empty) + #downloadsListEmptyDescription, #downloadsListBox:empty { Additional Details: - This appears to be a simple CSS selector change from `#downloadsRichListBox` to `#downloadsListBox` - The change suggests a refactoring of HTML element IDs rather than a security fix - No known vulnerabilities are associated with this type of change - The modification is likely related to UI/UX improvements or consistency updates rather than security
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.baseline.valid.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.baseline.valid.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.textBaseline = 'top'; _assertSame(ctx.textBaseline, 'top', "ctx.textBaseline", "'top'");
Analysis of the provided code diff: 1. Vulnerability Existed: no No specific vulnerability found [File] testing/web-platform/tests/html/canvas/offscreen/text/2d.text.baseline.valid.worker.js [Lines] 13-14 Old Code: var offscreenCanvas = new OffscreenCanvas(100, 50); var ctx = offscreenCanvas.getContext('2d'); Fixed Code: var canvas = new OffscreenCanvas(100, 50); var ctx = canvas.getContext('2d'); Additional Details: - The change appears to be purely a variable name change from `offscreenCanvas` to `canvas` - No security-related changes or vulnerability fixes are evident in this diff - This seems to be a code style/consistency change rather than a security fix - The functionality remains exactly the same, only the variable name was changed
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/media/gmp/GMPVideoEncoderParent.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/media/gmp/GMPVideoEncoderParent.cpp@@ -234,26 +234,18 @@ mozilla::ipc::IPCResult GMPVideoEncoderParent::RecvEncoded( const GMPVideoEncodedFrameData& aEncodedFrame, nsTArray<uint8_t>&& aCodecSpecificInfo) {- if (!mCallback) {- return IPC_FAIL_NO_REASON(this);- }-- auto f = new GMPVideoEncodedFrameImpl(aEncodedFrame, &mVideoHost);- // Ignore any return code. It is OK for this to fail without killing the- // process. This can be called on any thread (or more than one)- mCallback->Encoded(f, aCodecSpecificInfo);- f->Destroy();+ if (mCallback) {+ auto f = new GMPVideoEncodedFrameImpl(aEncodedFrame, &mVideoHost);+ mCallback->Encoded(f, aCodecSpecificInfo);+ f->Destroy();+ } return IPC_OK(); } mozilla::ipc::IPCResult GMPVideoEncoderParent::RecvError(const GMPErr& aError) {- if (!mCallback) {- return IPC_FAIL_NO_REASON(this);- }-- // Ignore any return code. It is OK for this to fail without killing the- // process.- mCallback->Error(aError);+ if (mCallback) {+ mCallback->Error(aError);+ } return IPC_OK(); }@@ -294,7 +286,7 @@ GMP_LOG_ERROR( "%s::%s: Failed to get a shared mem buffer for Child! size %u", __CLASS__, __FUNCTION__, aEncodedBufferSize);- return IPC_FAIL_NO_REASON(this);+ return IPC_FAIL(this, "Failed to get a shared mem buffer for Child!"); } *aMem = mem; mem = ipc::Shmem();
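Review bot: In `RecvEncoded` and `RecvError`, a message that arrives while `mCallback` is null is now answered with `IPC_OK()` and nothing else, and the comments that explained the old tolerance were removed in the same change. The previous code returned `IPC_FAIL_NO_REASON(this)` for that condition, so this turns a protocol failure into a silent drop of data sent by the child. That may be intended, presumably for a message still in flight after the callback was cleared, but the hunk does not show where `mCallback` is reset and the reason should be written at the branch. I would add `// No callback (e.g. after shutdown): drop the message instead of failing the actor.` above each `if (mCallback) {`, and consider a log line in the null case using the logging macros the file already has (`GMP_LOG_ERROR` is visible in the second hunk) so unexpected traffic stays visible.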
Here's the analysis of the provided code diff for security fixes: 1. Vulnerability Existed: not sure [Potential Memory Leak] [dom/media/gmp/GMPVideoEncoderParent.cpp] [234-242] [Old Code] auto f = new GMPVideoEncodedFrameImpl(aEncodedFrame, &mVideoHost); // Ignore any return code... mCallback->Encoded(f, aCodecSpecificInfo); f->Destroy(); [Fixed Code] if (mCallback) { auto f = new GMPVideoEncodedFrameImpl(aEncodedFrame, &mVideoHost); mCallback->Encoded(f, aCodecSpecificInfo); f->Destroy(); } [Additional Details: The change restructures the code to ensure proper cleanup when mCallback exists, but it's unclear if this was actually causing memory leaks] 2. Vulnerability Existed: not sure [Potential Error Handling Improvement] [dom/media/gmp/GMPVideoEncoderParent.cpp] [294] [Old Code] return IPC_FAIL_NO_REASON(this); [Fixed Code] return IPC_FAIL(this, "Failed to get a shared mem buffer for Child!"); [Additional Details: The change improves error reporting but it's unclear if this was fixing a specific security vulnerability] 3. Vulnerability Existed: not sure [Potential Null Pointer Dereference] [dom/media/gmp/GMPVideoEncoderParent.cpp] [234-242] [Old Code] if (!mCallback) { return IPC_FAIL_NO_REASON(this); } [... rest of code executes regardless of mCallback state ...] [Fixed Code] if (mCallback) { [... code only executes if mCallback exists ...] } [Additional Details: The change makes the code more defensive against potential null pointer issues, but it's unclear if this was actually causing problems] The changes appear to be primarily code quality and defensive programming improvements rather than fixing specific, known vulnerabilities. The modifications make the code more robust by: 1. Better protecting against null callback scenarios 2. Ensuring proper cleanup of resources 3. Providing more descriptive error messages However, without more context, we can't definitively say these were fixing specific security vulnerabilities.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/python/mozbuild/mozbuild/test/test_manifest.py
+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/python/mozbuild/mozbuild/test/test_manifest.py
@@ -148,6 +148,7 @@
 "updatebot": {
 "maintainer-phab": "tjr",
 "maintainer-bz": "[email protected]",
+ "fuzzy-query": "!linux64",
 "tasks": [{"type": "commit-alert"}],
 },
 },
@@ -170,6 +171,7 @@
 product: Core
 component: Graphics
 updatebot:
+ fuzzy-query: "!linux64"
 maintainer-phab: tjr
 maintainer-bz: [email protected]
 tasks:
Analyzing the provided code diff for security fixes: 1. Vulnerability Existed: not sure [No specific vulnerability name] python/mozbuild/mozbuild/test/test_manifest.py [Lines 148-171] [Old Code] "updatebot": { "maintainer-phab": "tjr", "maintainer-bz": "[email protected]", "tasks": [{"type": "commit-alert"}], }, }, [Fixed Code] "updatebot": { "maintainer-phab": "tjr", "maintainer-bz": "[email protected]", "fuzzy-query": "!linux64", "tasks": [{"type": "commit-alert"}], }, }, 2. Vulnerability Existed: not sure [No specific vulnerability name] python/mozbuild/mozbuild/test/test_manifest.py [Lines 170-171] [Old Code] product: Core component: Graphics updatebot: maintainer-phab: tjr maintainer-bz: [email protected] tasks: [Fixed Code] product: Core component: Graphics updatebot: fuzzy-query: "!linux64" maintainer-phab: tjr maintainer-bz: [email protected] tasks: The diff shows the addition of a "fuzzy-query" field with value "!linux64" in two places within the test manifest file. This appears to be a configuration change rather than a security fix. Without more context about what "fuzzy-query" does or why "!linux64" is being excluded, it's difficult to determine if this was addressing a security vulnerability. The changes appear to be test configuration updates rather than security fixes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/layout/reftests/css-grid/grid-fragmentation-004-ref.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/layout/reftests/css-grid/grid-fragmentation-004-ref.html@@ -21,7 +21,7 @@ -ms-column-fill: auto; -webkit-column-fill: auto; column-fill: auto;- border: 2px dashed;+ border: 2px solid salmon; margin-bottom: 5px; }
Based on the provided diff, this appears to be a visual test reference file for CSS grid fragmentation, not a security-related change. Here's the analysis following your requested format: Vulnerability Existed: no [No security vulnerability] [layout/reftests/css-grid/grid-fragmentation-004-ref.html] [Lines 21] [Old Code: border: 2px dashed;] [Fixed Code: border: 2px solid salmon;] Additional Details: - This is purely a visual/style change in a test reference file - The change modifies the border style from dashed to solid and adds a color (salmon) - No security implications are apparent in this change - The file appears to be part of Firefox's layout engine test suite
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-break/widows-orphans-016.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-break/widows-orphans-016.html@@ -20,7 +20,6 @@ -->- <meta name="flags" content=""> <meta name="assert" content="When column boxes are filled sequentially, their content should be distributed and fragmented in accordance with the 'orphans' and the 'widows' declarations. In the test, since the 3rd column box was going to get only 1 line box, then a class B break point should occur between the '7' and the '8' so that there is a minimum of 2 line boxes at the top of the 3rd column box."> <style>
Analysis of the provided code diff: 1. Vulnerability Existed: no No specific vulnerability [File: testing/web-platform/tests/css/css-break/widows-orphans-016.html] [Lines: 20] Old Code: `<meta name="flags" content="">` Fixed Code: (removed line) Additional Details: - The change simply removes an empty meta tag for "flags" which appears to be test-related metadata - No security implications or vulnerabilities are apparent in this change - This appears to be a test cleanup rather than a security fix Note: The diff shows only one change - the removal of an empty meta tag. There are no clear security vulnerabilities being addressed in this change. The modification seems to be related to test file maintenance rather than security fixes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.arc.selfintersect.1.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.arc.selfintersect.1.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#0f0'; ctx.fillRect(0, 0, 100, 50);@@ -26,8 +26,8 @@ ctx.beginPath(); ctx.arc(0, 0, 25, 0, -Math.PI/2, true); ctx.stroke();-_assertPixel(offscreenCanvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
After analyzing the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely variable renaming and don't affect security. Here's the analysis: 1. Vulnerability Existed: no No security vulnerability found [File] testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.arc.selfintersect.1.worker.js [Lines] 13-26 [Old Code] var offscreenCanvas = new OffscreenCanvas(100, 50); var ctx = offscreenCanvas.getContext('2d'); _assertPixel(offscreenCanvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255"); _assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); [Fixed Code] var canvas = new OffscreenCanvas(100, 50); var ctx = canvas.getContext('2d'); _assertPixel(canvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255"); _assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); The changes simply rename the variable `offscreenCanvas` to `canvas` throughout the file, which doesn't appear to address any security issues. This seems to be a code style/consistency change rather than a security fix.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/streams/writable-streams/write.any.js
+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/streams/writable-streams/write.any.js
@@ -1,4 +1,4 @@
-// META: global=window,worker,jsshell
+// META: global=window,worker
 // META: script=../resources/test-utils.js
 // META: script=../resources/recording-streams.js
 'use strict';
Here's the analysis following the specified format: Vulnerability Existed: not sure [Potential Test Scope Reduction] [testing/web-platform/tests/streams/writable-streams/write.any.js] [Lines 1] [Old Code] `// META: global=window,worker,jsshell` [Fixed Code] `// META: global=window,worker` Additional Details: The change removes "jsshell" from the test's global scope declaration. While this isn't a direct security vulnerability in the traditional sense, it could potentially affect test coverage by no longer running these tests in the jsshell environment. The security implications would depend on whether jsshell-specific behavior could lead to vulnerabilities that would now go untested. Without more context about why this change was made, we can't be certain about the security impact.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.attributes.shadowColor.initial.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.attributes.shadowColor.initial.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); _assertSame(ctx.shadowColor, 'rgba(0, 0, 0, 0)', "ctx.shadowColor", "'rgba(0, 0, 0, 0)'"); t.done();
After analyzing the provided code diff, here's the security assessment: Vulnerability Existed: no [No specific vulnerability found] [testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.attributes.shadowColor.initial.html] [Lines 17-18] [Old Code] var offscreenCanvas = new OffscreenCanvas(100, 50); var ctx = offscreenCanvas.getContext('2d'); [Fixed Code] var canvas = new OffscreenCanvas(100, 50); var ctx = canvas.getContext('2d'); Additional Details: 1. The changes appear to be purely cosmetic/refactoring, changing the variable name from `offscreenCanvas` to `canvas` 2. No security-related changes are visible in the diff 3. The functionality remains exactly the same 4. No known vulnerabilities are addressed by this change The modification doesn't appear to fix any security issue but rather improves code consistency or readability. The test's purpose (checking shadowColor initialization) remains unchanged.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.