Cesar Pereida Garcia

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 68.9.0 Firefox versions prior to 77 Thunderbird versions prior to 68.9.0 **Description** The issue is related to a DSA signature vulnerability in web browsers and a mail client, which can lead to information disclosure through inconsistency. Exploitation of this issue may allow an attacker to access confidential data. The vulnerability is due to timing differences when performing DSA signatures, which can eventually leak private keys. **Recommendations** For Firefox ESR versions prior to 68.9.0, update to version 68.9.0 or later. For Firefox versions prior to 77, update to version 77 or later. For Thunderbird versions prior to 68.9.0, update to version 68.9.0 or later.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 **Description** A elevation of privilege vulnerability exists in the Android media framework, specifically in libstagefright. **Recommendations** For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.