Eric Lawrence

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: An improper resolution of path equivalence in Windows MapUrlToZone can allow an unauthorized attacker to bypass a security feature over a network. This security-feature bypass can affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows SmartScreen (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface of the Windows SmartScreen component, which is responsible for protection against phishing and malicious software. This can allow a remote attacker to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows (affected versions not specified) **Description** The issue is related to a security feature bypass vulnerability in the Windows SmartScreen component, which is associated with errors in security settings. Exploitation of this issue may allow a remote attacker to bypass security restrictions by opening a specially crafted malicious file. It has been reported that this issue is being exploited in the wild. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 112.0.5615.49 **Description** The issue is related to a use after free in Vulkan, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 112.0.5615.49, update to version 112.0.5615.49 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox for Android versions prior to 97 **Description** The issue is related to the handling of USSD codes in tel: links. When a user clicks on such a link, USSD codes specified after a `*` character are included in the phone number. This could potentially lead to actions being performed on a user's account, similar to a cross-site request forgery attack, on certain phones or with certain carriers. **Recommendations** For Firefox for Android versions prior to 97, update to version 97 or later to resolve the issue. As a temporary workaround, consider avoiding clicking on tel: links that may contain USSD codes specified after a `*` character until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 85.0.4183.102 **Description** The issue is related to insufficient policy enforcement in the networking component of Google Chrome. This could allow a remote attacker to obtain potentially sensitive information from process memory, potentially through social engineering tactics that convince a user to enable logging. **Recommendations** For versions prior to 85.0.4183.102, update to version 85.0.4183.102 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Internet Explorer version 11 Description: A security feature bypass issue exists in Internet Explorer, allowing for the bypassing of Mark of the Web Tagging (MOTW). This means that a large number of Microsoft security technologies are bypassed when the MOTW is not set. Recommendations: For Internet Explorer version 11, ensure that the Mark of the Web Tagging (MOTW) is properly set to prevent bypassing of Microsoft security technologies.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 57 **Description** The issue is related to the browser ignoring leading characters in javascript URLs pasted into the address bar, potentially allowing remote attackers to conduct cross-site scripting attacks. This could be exploited through social engineering tactics, convincing users to copy and paste malicious text into the address bar, leading to self-cross-site-scripting (self-XSS) attacks. **Recommendations** For versions prior to 57, update to version 57 or later to resolve the issue. As a temporary workaround, consider avoiding the copying and pasting of text into the address bar to minimize the risk of exploitation. Restrict access to potentially malicious websites and be cautious of social engineering attempts that may try to trick users into pasting harmful content into the address bar.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 52 Firefox ESR versions prior to 45.8 Thunderbird versions prior to 52 Thunderbird versions prior to 45.8 **Description** The issue allows video files to load video captions cross-origin without checking for the presence of CORS headers, potentially leading to information disclosure for video captions. **Recommendations** For Firefox versions prior to 52, update to version 52 or later. For Firefox ESR versions prior to 45.8, update to version 45.8 or later. For Thunderbird versions prior to 52, update to version 52 or later. For Thunderbird versions prior to 45.8, update to version 45.8 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 7 through 11 **Description** The issue is related to the improper enforcement of Extended Validation (EV) SSL Certificate guidelines, which disallow the use of wildcard certificates. This could allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority. An attacker could bypass EV SSL certificate guidelines by using a wildcard certificate. EV SSL certificates issued by Certificate Authorities (CA) in compliance with Extended Validation (EV) SSL Certificate guidelines cannot be used to exploit this issue. **Recommendations** For Microsoft Internet Explorer versions 7 through 11, consider disabling the use of wildcard EV SSL certificates as a temporary workaround until a patch is available. Restrict access to websites using wildcard certificates to minimize the risk of exploitation. Avoid relying solely on EV SSL certificate guidelines for trust validation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.