Christoph Diehl

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 116.0.5845.96 **Description** A heap buffer overflow in the ANGLE library of Google Chrome allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This issue is related to the exploitation of heap buffer overflow, which can lead to arbitrary code execution. The severity of this issue is classified as High by Chromium security. **Recommendations** For Google Chrome versions prior to 116.0.5845.96, update to version 116.0.5845.96 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could exploit the heap buffer overflow in the ANGLE library until a patch is applied.

**Nome do software vulnerável e versões afetadas** Versões do Google Chrome anteriores à 101.0.4951.41 Microsoft Edge (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma implementação inadequada no WebGL, que é uma API de gráficos 3D. Isso poderia permitir que um invasor remoto explorasse potencialmente uma corrupção de heap por meio de uma página HTML maliciosa, levando possivelmente à execução de código arbitrário. **Recomendações** Para versões do Google Chrome anteriores à 101.0.4951.41, atualize para a versão 101.0.4951.41 ou posterior para resolver o problema. Para o Microsoft Edge, no momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 71 Firefox ESR versions prior to 68.3 Thunderbird versions prior to 68.3 **Description** The issue is related to a memory safety bug that can be exploited by a remote attacker to access sensitive data, compromise data integrity, and cause a denial of service. The bug is associated with the lack of input size validation, allowing for potential memory corruption. It is presumed that with sufficient effort, some of these bugs could have been exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 71, update to version 71 or later to resolve the issue. For Firefox ESR versions prior to 68.3, update to version 68.3 or later to resolve the issue. For Thunderbird versions prior to 68.3, update to version 68.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 65 **Description** The issue is related to a buffer overflow in memory, which can be exploited by a remote attacker using a specially crafted web page. This could potentially allow the execution of arbitrary code or cause a denial of service. The estimated number of potentially affected devices worldwide is not specified. There is evidence of memory corruption, and it is presumed that some of these bugs could be exploited with enough effort. **Recommendations** For versions prior to 65, update to version 65 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 65 Firefox ESR versions prior to 60.5 Thunderbird versions prior to 60.5 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. This is due to a buffer overflow in memory, allowing a remote attacker to cause a denial of service or execute arbitrary code using a specially crafted web page. **Recommendations** For Firefox versions prior to 65, update to version 65 or later. For Firefox ESR versions prior to 60.5, update to version 60.5 or later. For Thunderbird versions prior to 60.5, update to version 60.5 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 62 Firefox ESR versions prior to 60.2 Thunderbird versions prior to 60.2.1 **Description** The issue is caused by memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code with enough effort. This affects various versions of Firefox, Firefox ESR, and Thunderbird. **Recommendations** For Firefox versions prior to 62, update to version 62 or later. For Firefox ESR versions prior to 60.2, update to version 60.2 or later. For Thunderbird versions prior to 60.2.1, update to version 60.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions 60 and earlier Firefox ESR versions 60 and earlier, 52.8 and earlier Thunderbird versions 60 and earlier, 52.9 and earlier **Description** The issue is caused by memory safety bugs, including buffer overflow in memory, which can lead to memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code. This can be achieved by a remote attacker using a specially crafted web page. **Recommendations** For Firefox versions 60 and earlier, update to version 61 or later. For Firefox ESR versions 60 and earlier, update to version 60.1 or later. For Firefox ESR versions 52.8 and earlier, update to version 52.9 or later. For Thunderbird versions 60 and earlier, update to version 60.1 or later. For Thunderbird versions 52.9 and earlier, update to version 52.9.1 or later. As a temporary workaround, consider restricting access to potentially vulnerable web pages until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 60 Firefox ESR versions prior to 52.8 Thunderbird versions prior to 52.8 Thunderbird ESR versions prior to 52.8 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. This is due to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 60, update to version 60 or later. For Firefox ESR versions prior to 52.8, update to version 52.8 or later. For Thunderbird versions prior to 52.8, update to version 52.8 or later. For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 56 Firefox ESR versions prior to 52.4 Thunderbird versions prior to 52.4 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. This is due to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 56, update to version 56 or later. For Firefox ESR versions prior to 52.4, update to version 52.4 or later. For Thunderbird versions prior to 52.4, update to version 52.4 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 50.1 Firefox ESR versions prior to 45.6 Thunderbird versions prior to 45.6 **Description** Memory safety bugs were reported, showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 50.1, update to version 50.1 or later. For Firefox ESR versions prior to 45.6, update to version 45.6 or later. For Thunderbird versions prior to 45.6, update to version 45.6 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 49.0 Mozilla Firefox ESR 45.x versions prior to 45.4 Thunderbird versions prior to 45.4 **Description** The issue affects the browser engine, allowing remote attackers to cause a denial of service, which may result in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 49.0, update to version 49.0 or later. For Mozilla Firefox ESR 45.x versions prior to 45.4, update to version 45.4 or later. For Thunderbird versions prior to 45.4, update to version 45.4 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 48.0.2564.82 Opera (affected versions not specified) **Description** The issue is related to the UnacceleratedImageBufferSurface class in the Blink component, which mishandles the initialization mode. This allows remote attackers to obtain sensitive information from process memory via a crafted web site. **Recommendations** For Google Chrome versions prior to 48.0.2564.82, update to version 48.0.2564.82 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 25.0 Firefox ESR versions 17.x prior to 17.0.10 and 24.x prior to 24.1 Thunderbird versions prior to 24.1 Thunderbird ESR versions 17.x prior to 17.0.10 SeaMonkey versions prior to 2.22 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 25.0, update to version 25.0 or later. For Firefox ESR versions 17.x prior to 17.0.10, update to version 17.0.10 or later. For Firefox ESR versions 24.x prior to 24.1, update to version 24.1 or later. For Thunderbird versions prior to 24.1, update to version 24.1 or later. For Thunderbird ESR versions 17.x prior to 17.0.10, update to version 17.0.10 or later. For SeaMonkey versions prior to 2.22, update to version 2.22 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 18.0 Firefox ESR versions 17.x prior to 17.0.1 Thunderbird versions prior to 17.0.2 Thunderbird ESR versions 17.x prior to 17.0.1 SeaMonkey versions prior to 2.15 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 18.0, update to version 18.0 or later. For Firefox ESR versions 17.x prior to 17.0.1, update to version 17.0.1 or later. For Thunderbird versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird ESR versions 17.x prior to 17.0.1, update to version 17.0.1 or later. For SeaMonkey versions prior to 2.15, update to version 2.15 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 15.0 Thunderbird versions prior to 15.0 SeaMonkey versions prior to 2.12 Summer Institute of Linguistics (SIL) Graphite 2 (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption. This is related to the `Silf::readClassMap` and `Pass::readPass` functions. **Recommendations** For Mozilla Firefox versions prior to 15.0, update to version 15.0 or later. For Thunderbird versions prior to 15.0, update to version 15.0 or later. For SeaMonkey versions prior to 2.12, update to version 2.12 or later. As a temporary workaround, consider disabling the `Silf::readClassMap` and `Pass::readPass` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 18.0.1025.168 Mozilla Firefox versions prior to 38.0 **Description** The Inter-process Communication (IPC) implementation does not properly validate messages, which has unspecified impact and attack vectors. **Recommendations** For Google Chrome versions prior to 18.0.1025.168, update to version 18.0.1025.168 or later. For Mozilla Firefox versions prior to 38.0, update to version 38.0 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 4.0.1 **Description** The issue is related to the WebGL implementation, which does not properly restrict write operations. This allows remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash, via unspecified vectors. **Recommendations** For Mozilla Firefox versions 4.x through 4.0.1, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.7 **Description** A heap-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code via a document containing a crafted embedded OpenType font. **Recommendations** For Apple Mac OS X versions prior to 10.6.7, update to version 10.6.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.7 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a document containing a crafted embedded font. **Recommendations** For versions prior to 10.6.7, update to version 10.6.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.7 **Description** The issue is related to multiple buffer overflows in Apple Type Services (ATS) that allow remote attackers to execute arbitrary code. This can be achieved by using a document containing a crafted embedded TrueType font. **Recommendations** For versions prior to 10.6.7, update to version 10.6.7 or later to resolve the issue.