Bandha890

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 39.0 Mozilla Firefox ESR versions prior to 31.8 Mozilla Firefox ESR versions prior to 38.1 **Description** The vulnerability is related to a "type confusion" issue in the IndexedDB implementation, allowing remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. This issue is caused by the misinterpretation of an unspecified IDBDatabase field as a pointer, leading to memory corruption and application crash. **Recommendations** For Mozilla Firefox versions prior to 39.0, update to version 39.0 or later. For Mozilla Firefox ESR versions prior to 31.8, update to version 31.8 or later. For Mozilla Firefox ESR versions prior to 38.1, update to version 38.1 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 36.0 Firefox ESR versions 31.x prior to 31.5 Thunderbird versions prior to 31.5 **Description** A use-after-free issue in the `mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex` function allows remote attackers to execute arbitrary code or cause a denial of service due to heap memory corruption. This occurs when crafted content is improperly handled during IndexedDB index creation. **Recommendations** For Mozilla Firefox versions prior to 36.0, update to version 36.0 or later. For Firefox ESR versions 31.x prior to 31.5, update to version 31.5 or later. For Thunderbird versions prior to 31.5, update to version 31.5 or later.