Atte Kettunen

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** The Audio/Video: Web Codecs component contains incorrect boundary conditions. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 145 **Description** An issue exists in the Graphics: WebGPU component due to incorrect boundary conditions. **Recommendations** Update to Firefox version 145 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 145 **Description** An issue exists in the Graphics: WebGPU component due to incorrect boundary conditions. **Recommendations** Update to Firefox version 145 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 135 Firefox ESR versions prior to 115.20 Firefox ESR versions prior to 128.7 Thunderbird versions prior to 128.7 Thunderbird versions prior to 135 **Description** An attacker could have caused a use-after-free via the `Custom Highlight API`, leading to a potentially exploitable crash. **Recommendations** For Firefox versions prior to 135, update to version 135 or later. For Firefox ESR versions prior to 115.20, update to version 115.20 or later. For Firefox ESR versions prior to 128.7, update to version 128.7 or later. For Thunderbird versions prior to 128.7, update to version 128.7 or later. For Thunderbird versions prior to 135, update to version 135 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 131.0.3 **Description** The issue is related to the manipulation of the selection node cache, which may cause unexpected behavior and potentially lead to an exploitable crash. This could allow a remote attacker to cause a denial of service. The vulnerability is associated with incorrect clearance or release of resources in the Selection Node Cache component of Mozilla Firefox. **Recommendations** For versions prior to 131.0.3, upgrade Firefox to version 131.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious websites to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 107 Firefox ESR versions prior to 102.5 Thunderbird versions prior to 102.5 **Description** The issue is related to the use of `nsIInputStream` interfaces in Firefox, Firefox ESR, and Thunderbird, which could lead to a use-after-free condition and potentially exploitable crash. This could allow a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 107, update to version 107 or later. For Firefox ESR versions prior to 102.5, update to version 102.5 or later. For Thunderbird versions prior to 102.5, update to version 102.5 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 101 Firefox ESR versions prior to 91.10 Thunderbird versions prior to 91.10 **Description** A malicious webpage could cause an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. The issue is related to buffer copying without checking the size of input data in the WebGL API for 3D graphics in browsers. Exploitation of this issue may allow a remote attacker to cause a denial of service using a specially crafted malicious webpage. **Recommendations** For Firefox versions prior to 101, update to version 101 or later. For Firefox ESR versions prior to 91.10, update to version 91.10 or later. For Thunderbird versions prior to 91.10, update to version 91.10 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 91.5 Firefox versions prior to 96 Thunderbird versions prior to 91.5 **Description** The issue is related to a heap-buffer-overflow that could lead to a potentially exploitable crash, caused by applying a CSS filter effect that accesses out of bounds memory. This could allow a remote attacker to execute arbitrary code in the target system by exploiting the buffer overflow vulnerability in the `blendGaussianBlur` function of the affected software. **Recommendations** For Firefox ESR versions prior to 91.5, update to version 91.5 or later. For Firefox versions prior to 96, update to version 96 or later. For Thunderbird versions prior to 91.5, update to version 91.5 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 105 Firefox ESR versions prior to 102.6 Thunderbird versions prior to 102.6 **Description** The issue is related to a use-after-free error, which occurs when memory is accessed after it has been freed. This could potentially lead to a crash and allow a remote attacker to cause a denial of service. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For Firefox versions prior to 105, update to version 105 or later. For Firefox ESR versions prior to 102.6, update to version 102.6 or later. For Thunderbird versions prior to 102.6, update to version 102.6 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 64 Firefox ESR versions prior to 60.4 Thunderbird versions prior to 60.4 **Description** A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit, resulting in a potentially exploitable crash. The issue is related to a buffer overflow in the Skia library, which may allow a remote attacker to execute arbitrary code or cause a denial of service. **Recommendations** For Firefox versions prior to 64, update to version 64 or later. For Firefox ESR versions prior to 60.4, update to version 60.4 or later. For Thunderbird versions prior to 60.4, update to version 60.4 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 65.0.3325.146 Opera versions prior to 65.0.3325.146 **Description** The issue is related to an integer overflow leading to use after free in PDFium, which can potentially allow a remote attacker to exploit heap corruption via a crafted PDF file. **Recommendations** For Google Chrome versions prior to 65.0.3325.146, update to version 65.0.3325.146 or later. For Opera versions prior to 65.0.3325.146, update to a version that includes the fix for this issue, as the exact version is not specified.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 **Description** The issue is related to improper handling of objects in memory, which could allow a remote attacker to execute arbitrary code in the context of the current user by using a specially crafted website. If the current user has administrative rights, the attacker could gain control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2, update to a version that properly handles objects in memory to prevent arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 52 Thunderbird versions prior to 52 **Description** A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. **Recommendations** For Firefox versions prior to 52, update to version 52 or later. For Thunderbird versions prior to 52, update to version 52 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 52 Thunderbird versions prior to 52 **Description** A buffer overflow read occurs during SVG filter color value operations, resulting in data exposure. **Recommendations** For Firefox versions prior to 52, update to version 52 or later. For Thunderbird versions prior to 52, update to version 52 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 52 Thunderbird versions prior to 52 **Description** A segmentation fault can occur during some bidirectional layout operations. **Recommendations** For Firefox versions prior to 52, update to version 52 or later. For Thunderbird versions prior to 52, update to version 52 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 53 Firefox ESR versions prior to 52.1 Firefox ESR versions prior to 45.9 Thunderbird versions prior to 52.1 **Description** A buffer overflow in the WebGL component of the affected browsers and email client can be triggered by web content, potentially resulting in a crash. This issue may allow a remote attacker to cause a denial of service. **Recommendations** For Firefox versions prior to 53, update to version 53 or later. For Firefox ESR versions prior to 52.1, update to version 52.1 or later. For Firefox ESR versions prior to 45.9, update to version 45.9 or later. For Thunderbird versions prior to 52.1, update to version 52.1 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 51 **Description** A memory corruption issue in Skia can occur when using transforms to make gradients, resulting in a potentially exploitable crash. **Recommendations** For versions prior to 51, update to version 51 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 50.1 **Description** A buffer overflow in SkiaGl occurs when a GrGLBuffer is truncated during allocation, potentially leading to a crash when later writers overflow the buffer. **Recommendations** For versions prior to 50.1, update to version 50.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 54.0.2840.59 for Windows, Mac, and Linux Google Chrome version 54.0.2840.85 for Android **Description** The issue incorrectly handled object lifecycles during shutdown, allowing a remote attacker to perform an out of bounds memory read via crafted HTML pages. **Recommendations** For Google Chrome versions prior to 54.0.2840.59 for Windows, Mac, and Linux, update to version 54.0.2840.59 or later. For Google Chrome version 54.0.2840.85 for Android, update to a version later than 54.0.2840.85.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 49.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in an out-of-bounds read and application crash. This is achieved via a Content Security Policy (CSP) referrer directive with zero values. **Recommendations** For versions prior to 49.0, update to version 49.0 or later to resolve the issue.