Robert Strong

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 71 Mozilla Firefox ESR versions prior to 68.3 Thunderbird versions prior to 68.3 **Description** The issue is related to errors in handling temporary files by the update service of Mozilla Firefox, Mozilla Firefox ESR, and the Thunderbird email client for Windows. Exploitation of this issue could allow an attacker to write status and log files to an unprotected directory. This requires local system access and only affects Windows, with other operating systems not being affected. **Recommendations** For Mozilla Firefox versions prior to 71, update to version 71 or later. For Mozilla Firefox ESR versions prior to 68.3, update to version 68.3 or later. For Thunderbird versions prior to 68.3, update to version 68.3 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 23.0 **Description** The issue is related to untrusted search path vulnerabilities in the full installer and stub installer of Mozilla Firefox on Windows. This allows local users to gain privileges via a Trojan horse DLL in the default downloads directory. **Recommendations** For versions prior to 23.0, update to version 23.0 or later to resolve the issue.