Dalmurino

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 136 Firefox ESR versions prior to 115.21 Firefox ESR versions prior to 128.8 **Description** A compromised content process could trigger a use-after-free in the Browser process by sending bad StreamData over AudioIPC. This issue could have led to a sandbox escape. **Recommendations** For Firefox versions prior to 136, update to version 136 or later. For Firefox ESR versions prior to 115.21, update to version 115.21 or later. For Firefox ESR versions prior to 128.8, update to version 128.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 129 Firefox ESR versions prior to 115.14 Firefox ESR versions prior to 128.1 Thunderbird versions prior to 128.1 Thunderbird versions prior to 115.14 **Description** The issue is related to insufficient checks when processing graphics shared memory, which could lead to memory corruption and potentially allow an attacker to perform a sandbox escape. This is also described as an error related to data type mixing, which could enable a remote attacker to escape the isolated software environment. **Recommendations** For Firefox versions prior to 129, update to version 129 or later. For Firefox ESR versions prior to 115.14, update to version 115.14 or later. For Firefox ESR versions prior to 128.1, update to version 128.1 or later. For Thunderbird versions prior to 128.1, update to version 128.1 or later. For Thunderbird versions prior to 115.14, update to version 115.14 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 128 Thunderbird versions prior to 128 **Description** The vulnerability is related to the clipboard code failing to check the index on an array access, which could lead to an out-of-bounds read. This issue may allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For Firefox versions prior to 128, update to version 128 or later to resolve the issue. For Thunderbird versions prior to 128, update to version 128 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data until the update is applied.