Andrew Mccreight

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions 140.10 through 150 Firefox versions 150 and earlier Firefox ESR versions 115.35 through 140.10 **Description** Memory safety bugs involving memory corruption could allow an attacker to run arbitrary code. **Recommendations** Update Thunderbird to version 151 or 140.11. Update Firefox to version 151. Update Firefox ESR to version 115.36 or 140.11.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 150.0.3 Firefox ESR versions prior to 115.36 Firefox ESR versions prior to 140.11 **Description** A sandbox escape exists in the Profile Backup component. A sandbox is a security mechanism for separating running programs, ensuring that code in a sandbox cannot access resources outside of it. **Recommendations** Update to version 150.0.3. Update to ESR version 115.36. Update to ESR version 140.11.

**Name of the Vulnerable Software and Affected Versions** Firefox version 150.0.1 Firefox ESR version 140.10.1 Firefox ESR version 115.35.1 **Description** Memory safety bugs exist that exhibit evidence of memory corruption, which could potentially be exploited to execute arbitrary code. **Recommendations** Update Firefox 150.0.1 to version 150.0.2. Update Firefox ESR 140.10.1 to version 140.10.2. Update Firefox ESR 115.35.1 to version 115.35.2.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR version 115.34 Firefox ESR version 140.9 Thunderbird ESR version 140.9 Firefox version 149 Thunderbird version 149 **Description** Memory safety bugs involving memory corruption could allow an attacker to run arbitrary code. **Recommendations** Update Firefox ESR 115.34 to version 115.35. Update Firefox ESR 140.9 to version 140.10. Update Thunderbird ESR 140.9 to version 140.10. Update Firefox 149 to version 150. Update Thunderbird 149 to version 150.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR version 140.9 Thunderbird ESR version 140.9 Firefox version 149 Thunderbird version 149 **Description** Memory safety bugs involving memory corruption could allow an attacker to run arbitrary code. **Recommendations** Update Firefox ESR to version 140.10. Update Thunderbird ESR to version 140.10. Update Firefox to version 150. Update Thunderbird to version 150.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Thunderbird versions prior to 148 **Description** The software contains memory safety bugs. Some of these bugs exhibited evidence of memory corruption, and it is presumed that, with sufficient effort, they could potentially be exploited to execute arbitrary code. **Recommendations** Update Firefox to version 148 or later. Update Thunderbird to version 148 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 147 **Description** A sandbox escape exists within the Messaging System component. This allows for a potential security compromise. **Recommendations** Update Firefox to version 147 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird ESR versions prior to 140.8 **Description** The software contains memory safety bugs that exhibit evidence of memory corruption. It is presumed that, with sufficient effort, these bugs could be exploited to execute arbitrary code. **Recommendations** Update Firefox to version 148 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird ESR to version 140.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Firefox ESR versions 115.32 through 115.32 Firefox ESR versions 140.7 through 140.7 Thunderbird versions prior to 148 Thunderbird ESR versions 140.7 through 140.7 **Description** The software contains memory safety bugs, some of which demonstrate evidence of memory corruption. It is presumed that, with sufficient effort, these bugs could potentially be exploited to execute arbitrary code. **Recommendations** Update Firefox to version 148 or later. Update Firefox ESR to version 115.33 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird ESR to version 140.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 146.0.1 **Description** The software contains memory safety bugs that could potentially lead to memory corruption and arbitrary code execution. It is presumed that with sufficient effort, these bugs could be exploited. **Recommendations** Update to Firefox version 146.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 146 Thunderbird versions prior to 146 **Description** A use-after-free issue exists in the Audio/Video: GMP component. This condition may allow for unexpected behavior or potential compromise. **Recommendations** Update Firefox to version 146 or later. Update Thunderbird to version 146 or later.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Thunderbird versions prior to 140 Description: The issue is related to memory safety bugs that have been identified in Firefox and Thunderbird. These bugs have shown evidence of memory corruption, and it is presumed that with sufficient effort, some of these could be exploited to run arbitrary code. Recommendations: For Firefox versions prior to 140, update to version 140 or later to resolve the issue. For Thunderbird versions prior to 140, update to version 140 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions 128.9 and earlier Thunderbird ESR versions 128.9 and earlier **Description** A memory safety bug is present, showing evidence of memory corruption. It is presumed that with enough effort, this could be exploited to run arbitrary code. **Recommendations** For Firefox ESR version 128.9 and earlier, update to version 128.10 or later. For Thunderbird ESR version 128.9 and earlier, update to version 128.10 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 138 Thunderbird versions prior to 138 **Description** An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. **Recommendations** For Firefox versions prior to 138, update to version 138 or later. For Thunderbird versions prior to 138, update to version 138 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 136.0.4 Mozilla Firefox ESR versions prior to 128.8.1 Mozilla Firefox ESR versions prior to 115.21.1 **Description** A critical vulnerability exists in Mozilla Firefox on Windows systems, allowing for a sandbox escape. This flaw is related to incorrect handling of inter-process communication (IPC) and could allow a compromised child process to gain unintended privileges, potentially leading to arbitrary code execution. The vulnerability was identified after a similar issue was found and patched in Google Chrome and has been actively exploited. The vulnerability affects the browser's sandbox, which is a security mechanism designed to isolate browser processes and prevent malicious code from accessing the underlying operating system. Exploitation of this vulnerability could allow an attacker to bypass these security measures and gain control of the affected system. **Recommendations** Update Firefox to version 136.0.4 or later. Update Firefox ESR to version 128.8.1 or later. Update Firefox ESR to version 115.21.1 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 136 Firefox ESR versions prior to 115.21 Firefox ESR versions prior to 128.8 Thunderbird versions prior to 136 Thunderbird versions prior to 128.8 **Description** The issue is related to memory safety bugs that could potentially lead to memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 136, update to version 136 or later. For Firefox ESR versions prior to 115.21, update to version 115.21 or later. For Firefox ESR versions prior to 128.8, update to version 128.8 or later. For Thunderbird versions prior to 136, update to version 136 or later. For Thunderbird versions prior to 128.8, update to version 128.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 136 Thunderbird versions prior to 136 **Description** The issue is related to memory safety bugs that could potentially lead to memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 136, update to version 136 or later to resolve the issue. For Thunderbird versions prior to 136, update to version 136 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 135.0.1 Description: Memory safety bugs are present in Firefox, with some showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be exploited to run arbitrary code. Recommendations: For versions prior to 135.0.1, update to version 135.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive features or data until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 135 Firefox ESR versions prior to 115.20 Firefox ESR versions prior to 128.7 Thunderbird versions prior to 128.7 Thunderbird versions prior to 135 **Description** Memory safety bugs have been detected in Firefox and Thunderbird, showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could have been exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 135, update to version 135 or later. For Firefox ESR versions prior to 115.20, update to version 115.20 or later. For Firefox ESR versions prior to 128.7, update to version 128.7 or later. For Thunderbird versions prior to 128.7, update to version 128.7 or later. For Thunderbird versions prior to 135, update to version 135 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 134 Firefox ESR versions prior to 128.6 Thunderbird versions prior to 134 Thunderbird versions prior to 128.6 **Description** The WebChannel API, used for transporting information across processes, did not properly check the sending principal, instead accepting the sent principal. This could have led to privilege escalation attacks. **Recommendations** For Firefox versions prior to 134, update to version 134 or later. For Firefox ESR versions prior to 128.6, update to version 128.6 or later. For Thunderbird versions prior to 134, update to version 134 or later. For Thunderbird versions prior to 128.6, update to version 128.6 or later.