Yaniv Frank

**Name of the Vulnerable Software and Affected Versions** Windows ActiveX Data Objects (ADO) (affected versions not specified) **Description** A remote code execution issue exists due to the way ActiveX Data Objects (ADO) handle objects in memory. This allows remote attackers to execute arbitrary code and affect the system. The issue is related to a Use-After-Free error in Windows ActiveX Data Objects (ADO). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** A remote code execution issue exists due to errors when the IOleCvt interface renders ASP webpage content. This allows a remote attacker to execute arbitrary code and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 65 Firefox ESR versions prior to 60.5 Thunderbird versions prior to 60.5 **Description** The issue is related to a use-after-free vulnerability that can occur while parsing an HTML5 stream with custom HTML elements. This results in the stream parser object being freed while still in use, potentially leading to a crash. The vulnerability can be exploited by a remote attacker using a specially crafted web page, allowing them to execute arbitrary code or cause a denial of service. **Recommendations** For Firefox versions prior to 65, update to version 65 or later to resolve the issue. For Firefox ESR versions prior to 60.5, update to version 60.5 or later to resolve the issue. For Thunderbird versions prior to 60.5, update to version 60.5 or later to resolve the issue.