Igor Morgenstern

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** Processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling. **Recommendations** Update iOS to version 26.5. Update iPadOS to version 26.5. Update macOS Tahoe to version 26.5. Update tvOS to version 26.5. Update visionOS to version 26.5. Update watchOS to version 26.5.

**Name of the Vulnerable Software and Affected Versions** versions not specified **Description** An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. A use after free can lead to data corruption, crashes, or arbitrary code execution. The issue affects clients that use TLSA records with both PKIX-TA(0/PKIX-EE(1)) and DANE-TA(2) certificate usages. Clients that treat PKIX TLSA records as unusable or support only PKIX usages are not vulnerable. The client must also communicate with a server publishing a TLSA RRset with both types of TLSA records. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6 Description A NULL pointer dereference can occur during the processing of a delta CRL containing a Delta CRL Indicator extension if the required CRL Number extension is missing. This can lead to a denial of service. Exploitation requires the X509 V FLAG USE DELTAS flag to be enabled, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG FRESHEST flag set, and an attacker providing a malformed CRL. The issue is limited to denial of service and cannot be escalated to code execution or memory disclosure. Recommendations OpenSSL versions 3.0 through 3.6: Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU C Library versions 2.0 through 2.42 **Description** The GNU C Library contains a flaw where calling `getnetbyaddr` or `getnetbyaddr r` with a configured `nsswitch.conf` that specifies the library's DNS backend for networks, and querying for a zero-valued network, can lead to the disclosure of stack contents to the configured DNS resolver. This can potentially bypass Address Space Layout Randomization (ASLR), leak credentials, expose cryptographic keys, and facilitate the exploitation of other memory corruption flaws. The issue stems from insufficient validation in the glibc DNS resolution functions, causing uninitialized stack memory to be transmitted to DNS resolvers. The functions `getnetbyaddr()` and `getnetbyaddr r()` are implicated in this information exposure. **Recommendations** Update to glibc version 2.43 or later when available via distribution security updates. Modify `/etc/nsswitch.conf` to remove DNS from network resolution (networks: files). Audit DNS traffic for anomalous queries and review applications invoking network resolution functions with zero parameters.

**Name of the Vulnerable Software and Affected Versions** GNU C Library versions 2.30 through 2.42 **Description** Providing an excessively large alignment value to the `memalign` family of functions – including `memalign`, `posix memalign`, `aligned alloc`, `valloc`, and `pvalloc` – within the GNU C Library can lead to an integer overflow. This overflow may result in heap corruption. **Recommendations** Update to a version beyond 2.42.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Firefox ESR versions prior to 115.33 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 **Description** The issue involves incorrect boundary conditions within the WebRTC Audio/Video component, leading to a heap overflow during H.264 decoding. This allows for attacker-controlled out-of-bounds read/write operations. The vulnerability exists in the WebRTC GMP H.264 decoding process, specifically triggered by short EncodedImage data. **Recommendations** Update Firefox to version 148 or later. Update Firefox ESR to version 115.33 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 145 Mozilla Firefox ESR versions prior to 140.5 Thunderbird versions prior to 145 Thunderbird versions prior to 140.5 Mozilla Firefox ESR versions prior to 140.5.0esr-1~deb11u1 Mozilla Firefox ESR versions prior to 140.5.0esr-1~deb12u1 Mozilla Firefox ESR versions prior to 140.5.0esr-1~deb13u1 Thunderbird versions prior to 1:140.5.0esr-1~deb12u1 Thunderbird versions prior to 1:140.5.0esr-1~deb13u1 Thunderbird versions prior to 1:140.5.0esr-1~deb11u1 **Description** A flaw exists in the JavaScript WebAssembly component of Firefox and Thunderbird due to incorrect boundary conditions, leading to a stack buffer overflow. This vulnerability could allow a remote attacker to execute arbitrary code via a malicious webpage. Approximately 180 million users may be affected. The issue is related to the WebAssembly garbage collection and involves faulty pointer math. Exploitation could lead to arbitrary code execution, session hijacking, or full system compromise. **Recommendations** Upgrade Firefox to version 145 or later. Upgrade Firefox ESR to version 140.5 or later. Upgrade Thunderbird to version 145 or later. Upgrade Thunderbird to version 140.5 or later. Upgrade Firefox ESR to version 140.5.0esr-1~deb11u1 or later. Upgrade Firefox ESR to version 140.5.0esr-1~deb12u1 or later. Upgrade Firefox ESR to version 140.5.0esr-1~deb13u1 or later. Upgrade Thunderbird to version 1:140.5.0esr-1~deb12u1 or later. Upgrade Thunderbird to version 1:140.5.0esr-1~deb13u1 or later. Upgrade Thunderbird to version 1:140.5.0esr-1~deb11u1 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 146 Firefox ESR versions prior to 115.31 Firefox ESR versions prior to 140.6 **Description** A same-origin policy bypass exists within the Request Handling component. This allows potential circumvention of security restrictions designed to isolate different origins. **Recommendations** Update Firefox to version 146 or later. Update Firefox ESR to version 115.31 or later. Update Firefox ESR to version 140.6 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 146 Firefox ESR versions prior to 140.6 **Description** A use-after-free issue exists in the WebRTC: Signaling component of the software. This condition may lead to unexpected behavior or potentially allow for arbitrary code execution. **Recommendations** Update to Firefox version 146 or later. Update to Firefox ESR version 140.6 or later.