A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.CreditsAmeen Basha M KReferenceshttps://bugzilla.mozilla.org/show_bug.cgi?id=1954137https://www.mozilla.org/security/advisories/mfsa2025-42/https://www.mozilla.org/security/advisories/mfsa2025-44/https://www.mozilla.org/security/advisories/mfsa2025-45/https://www.mozilla.org/security/advisories/mfsa2025-46/
