Inferno

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 48.0 Firefox ESR 45.x versions prior to 45.3 **Description** The issue is related to a use-after-free vulnerability in the `nsXULPopupManager::KeyDown` function. This vulnerability allows attackers to execute arbitrary code or cause a denial of service, such as heap memory corruption and application crash, by leveraging keyboard access to use the Alt key during the selection of top-level menu items. **Recommendations** For Mozilla Firefox versions prior to 48.0, update to version 48.0 or later. For Firefox ESR 45.x versions prior to 45.3, update to version 45.3 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 43.0 Firefox ESR versions prior to 38.5 **Description** The issue is related to an integer overflow in the `mozilla::layers::BufferTextureClient::AllocateForSurface` function. This allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. **Recommendations** For Mozilla Firefox versions prior to 43.0, update to version 43.0 or later. For Firefox ESR versions prior to 38.5, update to version 38.5 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 46.0.2490.71 Opera (affected versions not specified) **Description** The issue is related to multiple unspecified vulnerabilities in the code of the affected software. These vulnerabilities can be exploited by attackers to cause a denial of service or possibly have other impact via unknown vectors. The estimated number of potentially affected devices worldwide is not available. **Recommendations** For Google Chrome versions prior to 46.0.2490.71, update to version 46.0.2490.71 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 46.0.2490.71 Opera versions prior to 46.0.2490.71 **Description** The issue is related to a use-after-free vulnerability in the ServiceWorker implementation. This vulnerability can be exploited by a remote attacker to cause a denial of service or possibly have other unspecified impacts by leveraging object destruction in a callback. The vulnerability is associated with the use of memory after it has been freed. **Recommendations** For Google Chrome versions prior to 46.0.2490.71, update to version 46.0.2490.71 or later to resolve the issue. For Opera versions prior to 46.0.2490.71, update to a version that includes the fix for this vulnerability, as the exact version is not specified. As a temporary workaround, consider restricting the use of the ServiceWorker implementation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 40.0 Firefox ESR versions prior to 38.2 **Description** The issue is related to a heap-based buffer overflow in the resize context buffers function in libvpx, which can be exploited by remote attackers via malformed WebM video data, potentially allowing them to execute arbitrary code. **Recommendations** For Mozilla Firefox versions prior to 40.0, update to version 40.0 or later. For Firefox ESR versions prior to 38.2, update to version 38.2 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 44.0.2403.89 **Description** The issue is related to multiple unspecified vulnerabilities in Google Chrome. These vulnerabilities can be exploited by attackers to cause a denial of service or possibly have other unspecified impacts via unknown vectors. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 44.0.2403.89, update to version 44.0.2403.89 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 44.0.2403.89 **Description** The issue is related to a use-after-free vulnerability in the IndexedDB implementation, specifically in the content/browser/indexed db/indexed db backing store.cc file. This vulnerability can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts by leveraging an abort action before a certain write operation. The exploitation involves influencing write operations, which can lead to system disruption. **Recommendations** For Google Chrome versions prior to 44.0.2403.89, update to version 44.0.2403.89 or later to resolve the issue. As a temporary workaround, consider restricting the use of IndexedDB functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 42.0.2311.90 Opera (affected versions not specified) **Description** The issue involves multiple unspecified vulnerabilities that can be exploited by a remote attacker to cause a denial of service or possibly have other impact. The exact vectors used for the exploitation are unknown. **Recommendations** For Google Chrome versions prior to 42.0.2311.90, update to version 42.0.2311.90 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 37.0 **Description** The issue is related to the Off Main Thread Compositing (OMTC) implementation, which makes an incorrect memset call during interaction with the `mozilla::layers::BufferTextureClient::AllocateForSurface` function. This allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors that trigger rendering of 2D graphics content. **Recommendations** For versions prior to 37.0, update to version 37.0 or later to resolve the issue. As a temporary workaround, consider restricting the rendering of 2D graphics content until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to M40 **Description** A heap-based buffer overflow issue allows remote attackers to cause a denial of service, resulting in an unpaged memory write and process crash, via a crafted MP4 file. **Recommendations** For versions prior to M40, update to version M40 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 41.0.2272.76 Opera (affected versions not specified) **Description** The issue is related to multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation. These vulnerabilities can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts. The exploitation vectors trigger a ServiceWorkerContextWrapper::DeleteAndStartOver call, which is related to the NotifyStartedCaching and NotifyFinishedCaching functions. **Recommendations** For Google Chrome versions prior to 41.0.2272.76, update to version 41.0.2272.76 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 36.0 **Description** A double free vulnerability exists in the nsXMLHttpRequest::GetResponse function when a nonstandard memory allocator is used, allowing remote attackers to execute arbitrary code or cause a denial of service via crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data. **Recommendations** For versions prior to 36.0, update to version 36.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 11.0.696.65 **Description** A use-after-free issue exists in the FrameView::calculateScrollbarModesForLayout function, allowing remote attackers to cause a denial of service, potentially leading to an application crash, via crafted JavaScript code that calls the `removeChild` method during interaction with a FRAME element. **Recommendations** For versions prior to 11.0.696.65, update to version 11.0.696.65 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 11.0.696.65 **Description** The issue is related to the rendering of SVG text elements in Google Chrome. It occurs when the `RenderSVGText.cpp` file in WebCore in WebKit does not properly perform a cast of an unspecified variable during an attempt to handle a block child. This can allow remote attackers to cause a denial of service, resulting in an application crash, or possibly have other unknown impacts via a crafted text element in an SVG document. **Recommendations** For versions prior to 11.0.696.65, update to version 11.0.696.65 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 30.0.1599.66 **Description** The issue is related to multiple unspecified vulnerabilities that could allow attackers to cause a denial of service or possibly have other impact. The exact vectors used for the attack are unknown. **Recommendations** For versions prior to 30.0.1599.66, update to version 30.0.1599.66 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.0.5 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For versions prior to 6.0.5, update to version 6.0.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iTunes versions prior to 11.0.3 **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors related to iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 11.0.3, update to version 11.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iTunes versions prior to 11.0.3 **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors related to iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 11.0.3, update to version 11.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iTunes versions prior to 11.0.3 **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors related to iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 11.0.3, update to version 11.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iTunes versions prior to 11.0.3 **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors related to iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 11.0.3, update to version 11.0.3 or later to resolve the issue.