Ioanna Dimitriou

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 95 Firefox ESR versions prior to 91.4.0 Thunderbird versions prior to 91.4.0 **Description** The issue is related to errors in cryptographic transformations and a race condition in notification code. This could allow a remote attacker to hide notifications for pages, potentially leading to spoofing attacks. **Recommendations** For Firefox versions prior to 95, update to version 95 or later. For Firefox ESR versions prior to 91.4.0, update to version 91.4.0 or later. For Thunderbird versions prior to 91.4.0, update to version 91.4.0 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 91.4.0 Firefox ESR versions prior to 91.4.0 Firefox versions prior to 95 **Description** The issue is related to the incorrect recording of live pointers across wasm instance calls, leading to a garbage collection (GC) that does not trace these live pointers. This could result in a use-after-free, causing a potentially exploitable crash. The vulnerability can be exploited by a remote attacker using a specially crafted web page, potentially allowing the execution of arbitrary code. **Recommendations** For Thunderbird versions prior to 91.4.0, update to version 91.4.0 or later. For Firefox ESR versions prior to 91.4.0, update to version 91.4.0 or later. For Firefox versions prior to 95, update to version 95 or later.