Christian Holler

**Name of the Vulnerable Software and Affected Versions** Firefox version 150.0.1 Firefox ESR version 140.10.1 Firefox ESR version 115.35.1 **Description** Memory safety bugs exist that exhibit evidence of memory corruption, which could potentially be exploited to execute arbitrary code. **Recommendations** Update Firefox 150.0.1 to version 150.0.2. Update Firefox ESR 140.10.1 to version 140.10.2. Update Firefox ESR 115.35.1 to version 115.35.2.

**Name of the Vulnerable Software and Affected Versions** Firefox version 150.0.0 Firefox ESR version 140.10.0 Firefox ESR version 115.35.0 **Description** Memory safety bugs exist that exhibit evidence of memory corruption, which could potentially be exploited to execute arbitrary code. **Recommendations** Update Firefox 150.0.0 to version 150.0.1. Update Firefox ESR 140.10.0 to version 140.10.1. Update Firefox ESR 115.35.0 to version 115.35.1.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR version 140.9 Thunderbird ESR version 140.9 Firefox version 149 Thunderbird version 149 **Description** Memory safety bugs involving memory corruption could allow an attacker to run arbitrary code. **Recommendations** Update Firefox ESR to version 140.10. Update Thunderbird ESR to version 140.10. Update Firefox to version 150. Update Thunderbird to version 150.

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149.0.2 Firefox ESR versions prior to 115.34.1 and 140.9.1 Thunderbird versions prior to 149.0.2 and 140.9.1 Description Memory safety bugs are present in Firefox and Thunderbird, with some showing evidence of memory corruption. These bugs could potentially be exploited to run arbitrary code. Recommendations Update Firefox to version 149.0.2 or later. Update Firefox ESR to version 115.34.1 or 140.9.1 or later. Update Thunderbird to version 149.0.2 or later. Update Thunderbird ESR to version 140.9.1 or later.

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149.0.2 Thunderbird versions prior to 149.0.2 Description Memory safety bugs exist in Firefox 149.0.1 and Thunderbird 149.0.1. These bugs demonstrate evidence of memory corruption, and it is presumed that, with sufficient effort, they could be exploited to execute arbitrary code. The vulnerability involves writing beyond buffer boundaries. Recommendations Update Firefox to version 149.0.2 or later. Update Thunderbird to version 149.0.2 or later.

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149.0.2 Firefox ESR versions prior to 140.9.1 Thunderbird versions prior to 149.0.2 Thunderbird ESR versions prior to 140.9.1 Description Memory safety bugs are present in Firefox and Thunderbird, potentially leading to memory corruption and arbitrary code execution. These bugs were identified in versions ESR 140.9.0, 140.9.0, 149.0.1, and 149.0.1. Recommendations Update Firefox to version 149.0.2 or later. Update Firefox ESR to version 140.9.1 or later. Update Thunderbird to version 149.0.2 or later. Update Thunderbird ESR to version 140.9.1 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Thunderbird versions prior to 149 **Description** Memory safety issues exist in Firefox 148 and Thunderbird 148. These bugs demonstrate evidence of memory corruption, and it is presumed that, with sufficient effort, they could potentially be exploited to execute arbitrary code. **Recommendations** Update Firefox to version 149 or later. Update Thunderbird to version 149 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 148.0.7778.96 **Description** An object lifecycle issue in V8 allows a remote attacker to perform an out-of-bounds memory read by using a crafted HTML page. An out-of-bounds memory read occurs when a program reads data past the end or before the beginning of the intended memory buffer. **Recommendations** Update to version 148.0.7778.96 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Firefox ESR versions 115.32 through 115.32 Firefox ESR versions 140.7 through 140.7 Thunderbird versions prior to 148 Thunderbird ESR versions 140.7 through 140.7 **Description** The software contains memory safety bugs, some of which demonstrate evidence of memory corruption. It is presumed that, with sufficient effort, these bugs could potentially be exploited to execute arbitrary code. **Recommendations** Update Firefox to version 148 or later. Update Firefox ESR to version 115.33 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird ESR to version 140.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions 115.33 through 140.8 Thunderbird versions prior to 149 Thunderbird ESR versions 140.8 through 140.9 **Description** The software contains memory safety bugs, some of which demonstrate evidence of memory corruption. It is presumed that, with sufficient effort, these bugs could potentially be exploited to execute arbitrary code. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 115.34 or later, or version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird ESR to version 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 129 **Description** The issue is related to the Garbage Collector component of Mozilla Firefox, where there is a use-after-free error due to concurrent loading of the singleton global runtime and garbage collection. This could allow a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 129, update to version 129 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 122 **Description** The issue is related to the implementation of the WASM technology in Mozilla Firefox, caused by insufficient input validation. This could allow a remote attacker to cause a denial of service. Some WASM source files could have caused a crash when loaded in devtools. **Recommendations** For versions prior to 122, update to version 122 or later to resolve the issue. As a temporary workaround, consider restricting the use of WASM source files in devtools until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 118 **Description** The issue is related to a potential use-after-free in the Ion Engine, where a hashtable could have been mutated while there was a live interior reference, leading to an exploitable crash. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 118, update to version 118 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Ion Engine until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 116 Firefox ESR versions prior to 115.1 Thunderbird versions prior to 115.1 **Description** The issue is related to memory safety bugs that could potentially be exploited to run arbitrary code. These bugs are present in the processing of HTML content and may cause memory corruption. The vulnerability could allow a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 116, update to version 116 or later. For Firefox ESR versions prior to 115.1, update to version 115.1 or later. For Thunderbird versions prior to 115.1, update to version 115.1 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 110 Thunderbird versions prior to 102.8 Firefox ESR versions prior to 102.8 **Description** The issue is related to the mishandling of PKCS 12 Safe Bag attributes, which could allow for arbitrary memory writes. This is due to improper bounds checking within a memory buffer. An attacker could exploit this issue to enable remote arbitrary memory writes. **Recommendations** For Firefox versions prior to 110, update to version 110 or later. For Thunderbird versions prior to 102.8, update to version 102.8 or later. For Firefox ESR versions prior to 102.8, update to version 102.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 104 **Description** The issue is related to insufficient input validation when handling array element values, allowing a remote attacker to bypass security restrictions. An attacker could write a value to the first element in a zero-length JavaScript array without writing to an invalid memory address. **Recommendations** For versions prior to 104, update to version 104 or later to resolve the issue. As a temporary workaround, consider restricting the use of zero-length JavaScript arrays until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 96 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. It is associated with a buffer overflow in memory, allowing a remote attacker to execute arbitrary code using a specially crafted website. **Recommendations** For versions prior to 96, update to version 96 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted websites to minimize the risk of exploitation. Avoid using Firefox for sensitive operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 96 Firefox ESR versions prior to 91.5 Thunderbird versions prior to 91.5 **Description** The issue is related to memory safety bugs present in the software, which can lead to memory corruption. With sufficient effort, these bugs could be exploited to run arbitrary code. The vulnerability is associated with incorrect limitation of operations within the bounds of a memory buffer when processing HTML content. This could allow a remote attacker to cause memory damage and execute arbitrary code on the target system. **Recommendations** For Firefox versions prior to 96, update to version 96 or later. For Firefox ESR versions prior to 91.5, update to version 91.5 or later. For Thunderbird versions prior to 91.5, update to version 91.5 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 95 Firefox ESR versions prior to 91.4.0 Thunderbird versions prior to 91.4.0 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code with sufficient effort. It is also described as a buffer overflow vulnerability in memory, allowing a remote attacker to execute arbitrary code or cause a denial of service. **Recommendations** For Firefox versions prior to 95, update to version 95 or later. For Firefox ESR versions prior to 91.4.0, update to version 91.4.0 or later. For Thunderbird versions prior to 91.4.0, update to version 91.4.0 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 94 Thunderbird versions prior to 91.3 Firefox ESR versions prior to 91.3 **Description** The issue is related to a buffer overflow in memory, which could allow a remote attacker to execute arbitrary code. Memory safety bugs were found in Firefox 93 and Firefox ESR 91.2, showing evidence of memory corruption. It is presumed that these bugs could be exploited with enough effort. **Recommendations** For Firefox versions prior to 94, update to version 94 or later. For Thunderbird versions prior to 91.3, update to version 91.3 or later. For Firefox ESR versions prior to 91.3, update to version 91.3 or later.