Jean-Yves Avenard

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 61 Firefox ESR versions prior to 60.1 Thunderbird versions prior to 60 **Description** The issue is related to memory safety bugs that can lead to memory corruption. It is presumed that with sufficient effort, these bugs could be exploited to run arbitrary code. The vulnerability can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 61, update to version 61 or later. For Firefox ESR versions prior to 60.1, update to version 60.1 or later. For Thunderbird versions prior to 60, update to version 60 or later.

**Name of the Vulnerable Software and Affected Versions** Windows Server 2016 Windows 10 Windows 10 Servers **Description** A remote code execution issue exists due to improper handling of objects in memory. This allows remote attackers to execute arbitrary code and affect the system. **Recommendations** For Windows Server 2016, update to a version that properly handles objects in memory to prevent remote code execution. For Windows 10, update to a version that properly handles objects in memory to prevent remote code execution. For Windows 10 Servers, update to a version that properly handles objects in memory to prevent remote code execution.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 40.0 Firefox ESR versions prior to 38.2 **Description** The issue is related to a heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright. This allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data. **Recommendations** For Mozilla Firefox versions prior to 40.0, update to version 40.0 or later. For Firefox ESR versions prior to 38.2, update to version 38.2 or later.