Irvan Kurniawan

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 147 Firefox ESR versions prior to 140.7 **Description** A use-after-free issue exists in the JavaScript: GC component. This condition may lead to unexpected behavior or potentially allow for arbitrary code execution. **Recommendations** Update Firefox to version 147 or later. Update Firefox ESR to version 140.7 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 146.0.1 **Description** A use-after-free issue exists in the Disability Access APIs component. This can potentially allow for unexpected behavior or crashes. **Recommendations** Update Firefox to version 146.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 145 Firefox ESR versions prior to 140.5 Firefox ESR versions prior to 115.30 **Description** A race condition exists within the Graphics component of the software. A race condition occurs when multiple threads access and manipulate shared data concurrently, leading to unpredictable behavior. **Recommendations** Update Firefox to version 145 or later. Update Firefox ESR to version 140.5 or later. Update Firefox ESR to version 115.30 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 144 Firefox ESR versions prior to 140.4 Thunderbird versions prior to 144 Thunderbird versions prior to 140.4 **Description** A use-after-free issue exists in the `MediaTrackGraphImpl::GetInstance()` function. This can occur due to improper memory management within the function. **Recommendations** Update Firefox to version 144 or later. Update Firefox ESR to version 140.4 or later. Update Thunderbird to version 144 or later. Update Thunderbird to version 140.4 or later.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 142 Firefox ESR versions prior to 128.14 Firefox ESR versions prior to 140.2 Thunderbird versions prior to 142 Thunderbird versions prior to 128.14 Thunderbird versions prior to 140.2 Description: An uninitialized memory issue exists in the JavaScript Engine component. Recommendations: Update Firefox to version 142 or later. Update Firefox ESR to version 128.14 or later. Update Firefox ESR to version 140.2 or later. Update Thunderbird to version 142 or later. Update Thunderbird to version 128.14 or later. Update Thunderbird to version 140.2 or later.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 142 Firefox ESR versions prior to 140.2 Thunderbird versions prior to 142 Thunderbird versions prior to 140.2 Description: The software is susceptible to a denial-of-service issue caused by an out-of-memory condition within the Graphics: WebRender component. Recommendations: Update Firefox to version 142 or later. Update Firefox ESR to version 140.2 or later. Update Thunderbird to version 142 or later. Update Thunderbird to version 140.2 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 135 Thunderbird versions prior to 135 **Description** The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. **Recommendations** For Firefox versions prior to 135, update to version 135 or later to resolve the issue. For Thunderbird versions prior to 135, update to version 135 or later to resolve the issue. As a temporary workaround, consider restricting access to fullscreen mode until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 135 Thunderbird versions prior to 135 **Description** The issue arises when the fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. **Recommendations** For Firefox versions prior to 135, update to version 135 or later to resolve the issue. For Thunderbird versions prior to 135, update to version 135 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 134 Firefox ESR versions prior to 128.6 Firefox ESR versions prior to 115.19 Thunderbird versions prior to 134 Thunderbird versions prior to 128.6 Description: The issue is related to the use of memory after it has been freed, which could lead to a potentially exploitable crash. An attacker could cause a use-after-free by assuming a controlled failed memory allocation. This could allow a remote attacker to cause a denial of service using a specially crafted web page. Recommendations: For Firefox versions prior to 134, update to version 134 or later. For Firefox ESR versions prior to 128.6, update to version 128.6 or later. For Firefox ESR versions prior to 115.19, update to version 115.19 or later. For Thunderbird versions prior to 134, update to version 134 or later. For Thunderbird versions prior to 128.6, update to version 128.6 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 129 Firefox ESR versions prior to 115.14 Firefox ESR versions prior to 128.1 Thunderbird versions prior to 128.1 Thunderbird versions prior to 115.14 **Description** The issue is related to an out-of-bounds read due to the editor code failing to check an attribute value. This could allow a remote attacker to disclose protected information or cause a denial of service. The vulnerability is associated with errors in checking attribute values, which can be exploited by a remote attacker to gain access to confidential information. **Recommendations** For Firefox versions prior to 129, update to version 129 or later. For Firefox ESR versions prior to 115.14, update to version 115.14 or later. For Firefox ESR versions prior to 128.1, update to version 128.1 or later. For Thunderbird versions prior to 128.1, update to version 128.1 or later. For Thunderbird versions prior to 115.14, update to version 115.14 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 128 Firefox ESR versions prior to 115.13 Thunderbird versions prior to 115.13 Thunderbird versions prior to 128 **Description** The issue is related to memory corruption that can occur in an out-of-memory scenario, where an allocation failure is followed by a call to free on the pointer, leading to potential damage. This can be exploited by a remote attacker to execute arbitrary code. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For Firefox versions prior to 128, update to version 128 or later. For Firefox ESR versions prior to 115.13, update to version 115.13 or later. For Thunderbird versions prior to 115.13, update to version 115.13 or later. For Thunderbird versions prior to 128, update to version 128 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 128 Thunderbird versions prior to 128 **Description** The issue is related to the pointerlock feature in iframes, allowing the cursor to be moved outside the viewport and the browser window. This could potentially lead to a denial of service. **Recommendations** For Firefox versions prior to 128, update to version 128 or later to resolve the issue. For Thunderbird versions prior to 128, update to version 128 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 128 Thunderbird versions prior to 128 **Description** The issue is related to the allocation of memory in the NSS library used by Firefox and Thunderbird, potentially allowing an attacker to access confidential data, compromise its integrity, and cause a denial of service. When the system is almost out of memory, an elliptic curve key that was never allocated could have been freed again. **Recommendations** For Firefox versions prior to 128, update to version 128 or later to resolve the issue. For Thunderbird versions prior to 128, update to version 128 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 128 Thunderbird versions prior to 128 **Description** The issue is related to a pointer lock problem and overlaying customValidity notifications from a `<select>` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions, potentially allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For Firefox versions prior to 128, update to version 128 or later to resolve the issue. For Thunderbird versions prior to 128, update to version 128 or later to resolve the issue. As a temporary workaround, consider disabling the pointer lock feature until a patch is available. Restrict access to permission prompts to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 127 Firefox ESR versions prior to 115.12 Thunderbird versions prior to 115.12 Description: The issue is related to a buffer overflow in memory, which can be triggered by manipulating the text in an `<input>` tag. This could lead to a potentially exploitable crash, allowing a remote attacker to execute arbitrary code or cause a denial of service. Recommendations: For Firefox versions prior to 127, update to version 127 or later to resolve the issue. For Firefox ESR versions prior to 115.12, update to version 115.12 or later to resolve the issue. For Thunderbird versions prior to 115.12, update to version 115.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 127 **Description** The issue is related to an out-of-memory condition in the probabilistic heap checker, potentially leading to memory corruption. It is also described as a buffer overflow vulnerability that could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 127, update to version 127 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 126 **Description** A memory allocation check was missing, leading to a potential use-after-free condition if the allocation failed. This could trigger a crash or potentially be leveraged to achieve code execution. The issue is related to a use-after-free condition, which may allow a remote attacker to access confidential data, compromise its integrity, or cause a denial of service. **Recommendations** For versions prior to 126, update to version 126 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 126 Firefox ESR versions prior to 115.11 Thunderbird versions prior to 115.11 **Description** The issue is related to a potential use-after-free crash when saving a page to PDF, due to certain font styles. This could allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For Firefox versions prior to 126, update to version 126 or later. For Firefox ESR versions prior to 115.11, update to version 115.11 or later. For Thunderbird versions prior to 115.11, update to version 115.11 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 123 Firefox ESR versions prior to 115.8 Thunderbird versions prior to 115.8 **Description** The issue is related to the incorrect restriction of visualizable layers or frames of the user interface in Mozilla Firefox, Firefox ESR, and the Thunderbird email client. This could allow a remote attacker to display an alert dialog on another website, showing the victim website's URL. **Recommendations** For Firefox versions prior to 123, update to version 123 or later. For Firefox ESR versions prior to 115.8, update to version 115.8 or later. For Thunderbird versions prior to 115.8, update to version 115.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 121 Firefox ESR versions prior to 115.6 Thunderbird versions prior to 115.6 **Description** The issue is related to a heap buffer overflow in the `nsTextFragment` function due to insufficient OOM handling. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Firefox versions prior to 121, update to version 121 or later. For Firefox ESR versions prior to 115.6, update to version 115.6 or later. For Thunderbird versions prior to 115.6, update to version 115.6 or later.