Aki Helin

**Nome do software vulnerável e versões afetadas** Versões do Google Chrome anteriores à 96.0.4664.110 Microsoft Edge (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma falha no ciclo de vida de objetos na biblioteca ANGLE, o que pode levar à corrupção da pilha. Um invasor remoto poderia potencialmente explorar essa vulnerabilidade por meio de uma página HTML maliciosa, permitindo-lhe executar código arbitrário ou causar uma negação de serviço. **Recomendações** Para versões do Google Chrome anteriores à 96.0.4664.110, atualize para a versão 96.0.4664.110 ou posterior para resolver o problema. Para o Microsoft Edge, no momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões do Google Chrome anteriores à 96.0.4664.110 Microsoft Edge (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma vulnerabilidade do tipo “use after free” no Swiftshader, que pode ser explorada por um invasor remoto para, potencialmente, causar corrupção na pilha (heap) por meio de uma página HTML maliciosa. Isso poderia permitir que o invasor executasse código arbitrário ou causasse uma negação de serviço. **Recomendações** Para versões do Google Chrome anteriores à 96.0.4664.110, atualize para a versão 96.0.4664.110 ou posterior para resolver o problema. Para o Microsoft Edge, no momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 44.0 Firefox ESR versions prior to 38.6 **Description** The issue arises from a buffer overflow in the `BufferSubData` function due to incorrect handling of WebGL content. This can allow remote attackers to execute arbitrary code or cause a denial of service via specially crafted WebGL content. **Recommendations** For Mozilla Firefox versions prior to 44.0, update to version 44.0 or later. For Firefox ESR versions prior to 38.6, update to version 38.6 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 40.0 Firefox ESR versions prior to 38.2 **Description** The issue is related to the mozilla::AudioSink function mishandling inconsistent sample formats within MP3 audio data. This can be exploited by remote attackers via a malformed file, potentially leading to arbitrary code execution or a denial of service (out-of-bounds read). The vulnerability is also described as a buffer overflow. **Recommendations** For Mozilla Firefox versions prior to 40.0, update to version 40.0 or later. For Firefox ESR versions prior to 38.2, update to version 38.2 or later.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.4.5 Mozilla Firefox versions prior to 38.0 Firefox ESR 31.x versions prior to 31.7 Thunderbird versions prior to 31.7 **Description** The issue allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. **Recommendations** For GStreamer versions prior to 1.4.5, update to version 1.4.5 or later. For Mozilla Firefox versions prior to 38.0, update to version 38.0 or later. For Firefox ESR 31.x versions prior to 31.7, update to version 31.7 or later. For Thunderbird versions prior to 31.7, update to version 31.7 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 37.0 Firefox ESR 31.x versions prior to 31.6 Thunderbird versions prior to 31.6 **Description** The issue is related to a use-after-free vulnerability in the AppendElements function when the Fluendo MP3 plugin for GStreamer is used. This can be exploited by remote attackers via a crafted MP3 file, potentially leading to arbitrary code execution or a denial of service due to heap memory corruption. **Recommendations** For Mozilla Firefox versions prior to 37.0, update to version 37.0 or later. For Firefox ESR 31.x versions prior to 31.6, update to version 31.6 or later. For Thunderbird versions prior to 31.6, update to version 31.6 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 23.0 SeaMonkey versions prior to 2.20 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, by utilizing a crafted WAV file. This is due to improper handling by the `nsCString::CharAt` function. **Recommendations** For Mozilla Firefox versions prior to 23.0, update to version 23.0 or later to resolve the issue. For SeaMonkey versions prior to 2.20, update to version 2.20 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 11.0 Firefox ESR versions 10.x before 10.0.4 Thunderbird versions 5.0 through 11.0 Thunderbird ESR versions 10.x before 10.0.4 SeaMonkey version before 2.9 **Description** The issue allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data, specifically in the `mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace` function. This is a use-after-free vulnerability. **Recommendations** For Mozilla Firefox versions 4.x through 11.0, update to a version after 11.0. For Firefox ESR versions 10.x before 10.0.4, update to version 10.0.4 or later. For Thunderbird versions 5.0 through 11.0, update to a version after 11.0. For Thunderbird ESR versions 10.x before 10.0.4, update to version 10.0.4 or later. For SeaMonkey version before 2.9, update to version 2.9 or later.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iOS versions prior to 5.1 WebKit, as used in Apple iTunes versions prior to 10.6 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For Apple iOS versions prior to 5.1, update to version 5.1 or later. For Apple iTunes versions prior to 10.6, update to version 10.6 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 17.0.963.46 Apple iTunes (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability that can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts. This is achieved through vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data. **Recommendations** For Google Chrome versions prior to 17.0.963.46, update to version 17.0.963.46 or later to resolve the issue. For Apple iTunes, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 16.0.912.63 **Description** The issue is related to the improper parsing of SVG documents, which can be exploited by remote attackers to cause a denial of service through an out-of-bounds read. The estimated number of potentially affected devices and details about real-world incidents are not specified. **Recommendations** For Google Chrome versions prior to 16.0.912.63, update to version 16.0.912.63 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iTunes versions prior to 10.2 on Windows **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors related to iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 10.2 on Windows, update to version 10.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0.1 on Mac OS X 10.5 through 10.6 and Windows Apple Safari versions prior to 4.1.1 on Mac OS X 10.4 webkitgtk versions prior to 1.2.6 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via a (1) font-face or (2) use element in an SVG document. This can lead to an application crash. **Recommendations** For Apple Safari versions prior to 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0.1 or later. For Apple Safari versions prior to 4.1.1 on Mac OS X 10.4, update to version 4.1.1 or later. For webkitgtk versions prior to 1.2.6, update to version 1.2.6 or later.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows Safari versions prior to 4.1 on Mac OS X 10.4 **Description** The issue is related to an "API abuse issue" and allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. This is due to the improper handling of libxml contexts. **Recommendations** For Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0 or later. For Safari versions prior to 4.1 on Mac OS X 10.4, update to version 4.1 or later.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows Safari versions prior to 4.1 on Mac OS X 10.4 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via an SVG document with nested `use` elements. **Recommendations** For Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0 or later. For Safari versions prior to 4.1 on Mac OS X 10.4, update to version 4.1 or later.

**Name of the Vulnerable Software and Affected Versions** gzip versions prior to 1.4 ncompress (affected versions not specified) **Description** The issue is related to an integer underflow in the unlzw function, which can be triggered by a crafted archive using LZW compression. This may lead to an array index error, causing a denial of service or potentially allowing the execution of arbitrary code. Multiple vulnerabilities in the ncompress package may compromise the confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely. **Recommendations** For gzip versions prior to 1.4, update to version 1.4 or later to resolve the issue. For ncompress, at the moment, there is no information about a newer version that contains a fix for this vulnerability.