Holger Fuhrmannek

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.7.1 macOS versions prior to 14.7 macOS versions prior to 15 iOS versions prior to 17.7 iOS versions prior to 18 iPadOS versions prior to 17.7 iPadOS versions prior to 18 visionOS versions prior to 2 **Description** The issue is related to processing maliciously crafted files, which may lead to heap corruption. **Recommendations** For macOS versions prior to 13.7.1, update to macOS Ventura 13.7.1 or later. For macOS versions prior to 14.7, update to macOS Sonoma 14.7 or later. For macOS versions prior to 15, update to macOS Sequoia 15 or later. For iOS versions prior to 17.7, update to iOS 17.7 or later. For iOS versions prior to 18, update to iOS 18 or later. For iPadOS versions prior to 17.7, update to iPadOS 17.7 or later. For iPadOS versions prior to 18, update to iPadOS 18 or later. For visionOS versions prior to 2, update to visionOS 2 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.7.7 macOS versions prior to 12.6.6 macOS versions prior to 13.4 **Description** A buffer overflow issue was addressed with improved bounds checking. This issue may lead to an unexpected app termination or arbitrary code execution when parsing an office document. The exploitation of this issue may allow an attacker to cause a denial of service or execute arbitrary code. **Recommendations** For macOS versions prior to 11.7.7, update to macOS Big Sur 11.7.7 to resolve the issue. For macOS versions prior to 12.6.6, update to macOS Monterey 12.6.6 to resolve the issue. For macOS versions prior to 13.4, update to macOS Ventura 13.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 112 Firefox ESR versions prior to 102.10 Thunderbird versions prior to 102.10 **Description** A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. This issue requires local system access and only affects Windows, with other operating systems not being affected. **Recommendations** For Firefox versions prior to 112, update to version 112 or later to resolve the issue. For Firefox ESR versions prior to 102.10, update to version 102.10 or later to resolve the issue. For Thunderbird versions prior to 102.10, update to version 102.10 or later to resolve the issue. As a temporary workaround, consider restricting access to SMB servers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 110 Thunderbird versions prior to 102.8 Firefox ESR versions prior to 102.8 **Description** The issue is related to a use-after-free in `ScriptLoadContext` due to uncancelled module load requests. This can potentially allow a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 110, update to version 110 or later. For Thunderbird versions prior to 102.8, update to version 102.8 or later. For Firefox ESR versions prior to 102.8, update to version 102.8 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.7 iPadOS versions prior to 15.7 macOS Big Sur versions prior to 11.7 **Description** The issue allows an app to bypass Privacy preferences. It was addressed with improved checks. **Recommendations** For iOS versions prior to 15.7, update to iOS 15.7 or later. For iPadOS versions prior to 15.7, update to iPadOS 15.7 or later. For macOS Big Sur versions prior to 11.7, update to macOS Big Sur 11.7 or later.

Name of the Vulnerable Software and Affected Versions: ILIAS versions prior to 5.3.19 ILIAS versions prior to 5.4.12 ILIAS versions prior to 6.0 Description: An information disclosure issue allows remote authenticated attackers to obtain the upload data path via a workspace upload. Recommendations: For versions prior to 5.3.19, update to version 5.3.19 or later. For versions prior to 5.4.12, update to version 5.4.12 or later. For versions prior to 6.0, update to version 6.0 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.6 iPadOS versions prior to 13.6 macOS Catalina versions prior to 10.15.6 watchOS versions prior to 6.2.8 **Description** A buffer overflow issue was addressed with improved memory handling. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. **Recommendations** For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later. For macOS Catalina versions prior to 10.15.6, update to macOS Catalina 10.15.6 or later. For watchOS versions prior to 6.2.8, update to watchOS 6.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.6 iPadOS versions prior to 13.6 macOS Catalina versions prior to 10.15.6 watchOS versions prior to 6.2.8 **Description** A buffer overflow issue was addressed with improved memory handling. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. **Recommendations** For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later. For macOS Catalina versions prior to 10.15.6, update to macOS Catalina 10.15.6 or later. For watchOS versions prior to 6.2.8, update to watchOS 6.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.6 iPadOS versions prior to 13.6 macOS Catalina versions prior to 10.15.6 tvOS versions prior to 13.4.8 **Description** A buffer overflow issue was addressed with improved memory handling. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. **Recommendations** For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later. For macOS Catalina versions prior to 10.15.6, update to macOS Catalina 10.15.6 or later. For tvOS versions prior to 13.4.8, update to tvOS 13.4.8 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.6 iPadOS versions prior to 13.6 macOS Catalina versions prior to 10.15.6 watchOS versions prior to 6.2.8 **Description** A buffer overflow issue was addressed with improved memory handling. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. **Recommendations** For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later. For macOS Catalina versions prior to 10.15.6, update to macOS Catalina 10.15.6 or later. For watchOS versions prior to 6.2.8, update to watchOS 6.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.6 iPadOS versions prior to 13.6 macOS Catalina versions prior to 10.15.6 tvOS versions prior to 13.4.8 watchOS versions prior to 6.2.8 **Description** A buffer overflow issue was addressed with improved memory handling. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. **Recommendations** For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later. For macOS Catalina versions prior to 10.15.6, update to macOS Catalina 10.15.6 or later. For tvOS versions prior to 13.4.8, update to tvOS 13.4.8 or later. For watchOS versions prior to 6.2.8, update to watchOS 6.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 69 Mozilla Firefox ESR versions prior to 60.9 Mozilla Firefox ESR versions prior to 68.1 **Description** The issue is related to the lack of integrity checks in the Mozilla Maintenance Service for Windows, which can be exploited to escalate privileges. This can occur when the Firefox installer allows the browser to be installed in a custom, user-writable location, making it vulnerable to manipulation by unprivileged users or malware. If the Maintenance Service is altered to update this unprotected location and the updated service has been modified, it can run with elevated privileges during the update process. This attack requires local system access and only affects Windows. **Recommendations** For Mozilla Firefox versions prior to 69, update to version 69 or later to resolve the issue. For Mozilla Firefox ESR versions prior to 60.9, update to version 60.9 or later to resolve the issue. For Mozilla Firefox ESR versions prior to 68.1, update to version 68.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 62 Firefox ESR versions prior to 60.2 Thunderbird versions prior to 60.2.1 **Description** The issue is related to an out-of-bounds write that can be triggered when the Mozilla Updater opens a MAR format file containing a very long item filename, potentially leading to a crash. This can be exploited by running the Mozilla Updater manually on the local system with a malicious MAR file. The vulnerability may allow an attacker to execute arbitrary code using a specially crafted .MAR file. **Recommendations** For Firefox versions prior to 62, update to version 62 or later to resolve the issue. For Firefox ESR versions prior to 60.2, update to version 60.2 or later to resolve the issue. For Thunderbird versions prior to 60.2.1, update to version 60.2.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Bugzilla versions prior to 4.4 Description: A security issue allows a third-party website to access restricted information available to a user through the image generation feature in the report.cgi module. Recommendations: For versions prior to 4.4, update to version 4.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 52.2 Firefox versions prior to 54 **Description** The issue arises from the Mozilla Maintenance Service's "helper.exe" application creating a temporary directory that can be written to by non-privileged users. This can be exploited by creating a junction, a form of symbolic link, allowing protected files in the target directory to be deleted by the Mozilla Maintenance Service, which has privileged access. This attack requires local system access and is specific to Windows, with other operating systems not being affected. **Recommendations** For Firefox ESR versions prior to 52.2, update to version 52.2 or later. For Firefox versions prior to 54, update to version 54 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 52.2 Firefox versions prior to 54 **Description** The issue allows a malicious user to manipulate files in the installation directory and escalate privileges by altering the location of the original file through a special path passed to the `callback` parameter via the Mozilla Maintenance Service. This requires local system access and only affects Windows, with other operating systems not being affected. **Recommendations** For Firefox ESR versions prior to 52.2, update to version 52.2 or later. For Firefox versions prior to 54, update to version 54 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 54 **Description** The issue is related to an out-of-bounds read in the Graphite2 Library. It occurs in the `graphite2::Silf::readGraphite` function. **Recommendations** For versions prior to 54, update to version 54 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 54 **Description** The issue is related to an out-of-bounds read in the Graphite2 Library. It occurs in the `graphite2::Pass::readPass` function, which suggests a problem with how data is accessed and processed. **Recommendations** For Firefox versions prior to 54, update to version 54 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 54 **Description** The issue is related to the use of uninitialized memory in the Graphite2 library. Specifically, it affects the graphite2::GlyphCache::Loader::read glyph function. **Recommendations** For versions prior to 54, update to version 54 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Graphite 2 versions prior to 54 Mozilla Firefox versions prior to 54 Mozilla Firefox ESR versions prior to 54 Description: The issue is caused by a heap-based buffer overflow in the lz4::decompress function of the Graphite 2 library. This can be exploited by a remote attacker to cause a denial of service or execute arbitrary code. Recommendations: For Graphite 2 versions prior to 54, update to version 54 or later to resolve the issue. For Mozilla Firefox versions prior to 54, update to version 54 or later to resolve the issue. For Mozilla Firefox ESR versions prior to 54, update to version 54 or later to resolve the issue.