Deian Stefan

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 78 Firefox ESR versions prior to 68.10 Thunderbird versions prior to 68.10.0 **Description** The issue is related to a buffer data boundary operation overflow. It may allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The problem is also associated with confusion about ValueTags on JavaScript Objects, potentially leading to memory corruption and a crash. This issue specifically affects Firefox on ARM64 platforms. **Recommendations** For Firefox versions prior to 78, update to version 78 or later. For Firefox ESR versions prior to 68.10, update to version 68.10 or later. For Thunderbird versions prior to 68.10.0, update to version 68.10.0 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 68.7.0 Firefox ESR versions prior to 68.7 Firefox versions prior to 75 **Description** The issue is related to an out of bounds write that could occur when processing an image larger than 4 GB in `GMPDecodeData`. This could potentially be exploited to run arbitrary code. The vulnerability is associated with a buffer overflow in memory, which may allow a remote attacker to execute arbitrary code using a specially crafted image. **Recommendations** For Thunderbird versions prior to 68.7.0, update to version 68.7.0 or later. For Firefox ESR versions prior to 68.7, update to version 68.7 or later. For Firefox versions prior to 75, update to version 75 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 68 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. It is also described as a buffer data boundary operation vulnerability, where exploitation could allow a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 68, update to version 68 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and minimizing browser usage until the update is applied.