Andreas Pehrson

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 145 Firefox ESR versions prior to 140.5 **Description** A use-after-free issue exists in the WebRTC Audio/Video component. This can potentially allow for unexpected behavior or crashes. **Recommendations** Update Firefox to version 145 or later. Update Firefox ESR to version 140.5 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 105 Firefox ESR versions prior to 102.3 Thunderbird versions prior to 102.3 **Description** The issue is related to memory safety bugs, which could potentially be exploited to run arbitrary code. These bugs showed evidence of memory corruption. The vulnerability can be exploited by a remote attacker using a specially crafted website, potentially leading to memory damage and arbitrary code execution in the target system. **Recommendations** For Firefox versions prior to 105, update to version 105 or later. For Firefox ESR versions prior to 102.3, update to version 102.3 or later. For Thunderbird versions prior to 102.3, update to version 102.3 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 93 Firefox ESR versions prior to 91.2 Thunderbird versions prior to 78.15 Thunderbird versions prior to 91.2 **Description** The issue is related to memory safety bugs present in Firefox, which can lead to memory corruption. With sufficient effort, these bugs could be exploited to run arbitrary code. This allows a remote attacker to execute code in the system. **Recommendations** For Firefox versions prior to 93, update to version 93 or later. For Firefox ESR versions prior to 91.2, update to version 91.2 or later. For Thunderbird versions prior to 78.15, update to version 78.15 or later. For Thunderbird versions prior to 91.2, update to version 91.2 or later.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 86 Thunderbird versions prior to 78.8 Firefox ESR versions prior to 78.8 Description: A decoding error may occur when loading a cross-origin resource in an audio/video context, potentially revealing information about the resource. Recommendations: For Firefox versions prior to 86, update to version 86 or later. For Thunderbird versions prior to 78.8, update to version 78.8 or later. For Firefox ESR versions prior to 78.8, update to version 78.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 69 Firefox ESR versions prior to 68.1 **Description** The issue is related to a lack of protection for service data. It may allow a remote attacker to gain unauthorized access to information. Additionally, there is a problem with WebRTC where malicious web content can use probing techniques on the `getUserMedia` API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification, potentially allowing for user fingerprinting. **Recommendations** For Firefox versions prior to 69, update to version 69 or later. For Firefox ESR versions prior to 68.1, update to version 68.1 or later. As a temporary workaround, consider disabling the `getUserMedia` API until a patch is available.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 58 Description: The issue is related to a flaw in the source confirmation mechanism, potentially allowing a remote attacker to gain unauthorized access to protected information. An audio capture session can be started under an incorrect origin, leading to user confusion about which site is making the request to capture an audio stream. Users are still prompted to allow the request, but the prompt may display the wrong origin. Recommendations: For versions prior to 58, update to version 58 or later to resolve the issue. As a temporary workaround, consider restricting access to audio capture sessions to minimize the risk of exploitation. Avoid allowing audio capture requests from untrusted sites until the issue is resolved.