Masayuki Nakano

**Nome do Software Vulnerável e Versões Afetadas** Versões do Firefox anteriores à 139 Versões do Firefox ESR anteriores à 128.11 Versões do Thunderbird anteriores à 139 Versões do Thunderbird ESR anteriores à 128.11 **Descrição** O problema está relacionado a bugs de segurança de memória que foram identificados no software afetado. Esses bugs apresentaram evidências de corrupção de memória, e presume-se que, com esforço suficiente, alguns deles poderiam ser explorados para executar código arbitrário. **Recomendações** Para versões do Firefox anteriores à 139, atualize para a versão 139 ou posterior. Para versões do Firefox ESR anteriores à 128.11, atualize para a versão 128.11 ou posterior. Para versões do Thunderbird anteriores à 139, atualize para a versão 139 ou posterior. Para versões do Thunderbird ESR anteriores à 128.11, atualize para a versão 128.11 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do Firefox anteriores à 95 Versões do Firefox ESR anteriores à 91.4.0 Versões do Thunderbird anteriores à 91.4.0 **Descrição** O problema está relacionado a falhas de segurança de memória, incluindo evidências de corrupção de memória, que poderiam ser potencialmente exploradas para executar código arbitrário com esforço suficiente. Também é descrito como uma vulnerabilidade de estouro de buffer na memória, permitindo que um invasor remoto execute código arbitrário ou cause uma negação de serviço. **Recomendações** Para versões do Firefox anteriores à 95, atualize para a versão 95 ou posterior. Para versões do Firefox ESR anteriores à 91.4.0, atualize para a versão 91.4.0 ou posterior. Para versões do Thunderbird anteriores à 91.4.0, atualize para a versão 91.4.0 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 66 Firefox ESR versions prior to 60.6 Thunderbird versions prior to 60.6 **Description** The issue is related to memory safety bugs and buffer copying without checking the size of input data, which could potentially be exploited to run arbitrary code. This may lead to memory corruption. **Recommendations** For Firefox versions prior to 66, update to version 66 or later. For Firefox ESR versions prior to 60.6, update to version 60.6 or later. For Thunderbird versions prior to 60.6, update to version 60.6 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 55 Firefox ESR versions prior to 52.3 Thunderbird versions prior to 52.3 **Description** Memory safety bugs were reported, showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 55, update to version 55 or later. For Firefox ESR versions prior to 52.3, update to version 52.3 or later. For Thunderbird versions prior to 52.3, update to version 52.3 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 54 Firefox ESR versions prior to 52.2 Thunderbird versions prior to 52.2 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. The vulnerability is associated with a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 54, update to version 54 or later. For Firefox ESR versions prior to 52.2, update to version 52.2 or later. For Thunderbird versions prior to 52.2, update to version 52.2 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 24.0 Thunderbird versions prior to 24.0 SeaMonkey versions prior to 2.21 **Description** The issue is related to the NativeKey widget, which incorrectly processes key messages after its destruction by a dispatched event listener. This can be exploited by remote attackers to cause a denial of service, resulting in an application crash. The exploitation is possible due to incorrect event usage after widget-memory reallocation. **Recommendations** For Mozilla Firefox versions prior to 24.0, update to version 24.0 or later. For Thunderbird versions prior to 24.0, update to version 24.0 or later. For SeaMonkey versions prior to 2.21, update to version 2.21 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 10.0 Mozilla Firefox version 3.6.28 and earlier Firefox ESR 10.x versions prior to 10.0.3 Thunderbird versions 5.0 through 10.0 Thunderbird version 3.1.20 and earlier Thunderbird ESR 10.x versions prior to 10.0.3 SeaMonkey version 2.8 and earlier **Description** The nsWindow implementation in the browser engine does not check the validity of an instance after event dispatching, allowing remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android. **Recommendations** For Mozilla Firefox versions 4.x through 10.0, update to version 10.0.3 or later. For Mozilla Firefox version 3.6.28 and earlier, update to version 3.6.28 or later. For Firefox ESR 10.x versions prior to 10.0.3, update to version 10.0.3 or later. For Thunderbird versions 5.0 through 10.0, update to version 10.0.3 or later. For Thunderbird version 3.1.20 and earlier, update to version 3.1.20 or later. For Thunderbird ESR 10.x versions prior to 10.0.3, update to version 10.0.3 or later. For SeaMonkey version 2.8 and earlier, update to version 2.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 1.0.1 Mozilla versions prior to 1.7.6 **Description** The issue allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file. **Recommendations** For Firefox versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. For Mozilla versions prior to 1.7.6, update to version 1.7.6 or later to resolve the issue. As a temporary workaround, consider avoiding the download of .LNK files from untrusted sources until the issue is resolved.