Fabius Artrel

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 115.34 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** A use-after-free issue exists in the CSS Parsing and Computation component. This can potentially allow for unexpected behavior or crashes. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 115.34 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.

Name of the Vulnerable Software and Affected Versions: Trend Micro Smart Protection Server (Standalone) versions 3.x Description: A SQL injection remote code execution issue exists due to a flaw in the handling of parameters provided to the `wcs bwlists handler.php` file. This could allow a remote attacker to execute arbitrary code on vulnerable installations. Authentication is required to exploit this issue. Recommendations: For Trend Micro Smart Protection Server (Standalone) versions 3.x, consider restricting access to the `wcs bwlists handler.php` file until a patch is available. As a temporary workaround, limit the handling of parameters provided to this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.