'AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding' and 'AppendEncodedCharacters' could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox less than 124, Firefox ESR less than 115.9, and Thunderbird less than 115.9. Using a markup injection an attacker could have stolen nonce values. This ...