CVE-2023-1384
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run
This issue affects:
Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.
Insignia TV with FireOSÂ versions prior to 7.6.3.3.
Source: CVE-2023-1384