Jan-Ivar Bruaroey

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 126 **Description** The issue is related to a use-after-free vulnerability in the WebRTC component of the Firefox browser. This could allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 126, update to version 126 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 89 **Description** The issue is related to errors in authorization, allowing a remote attacker to bypass existing security restrictions. Specifically, when a user has already allowed a website to access the microphone and camera, disabling camera sharing does not fully prevent the website from re-enabling it without an additional prompt, provided the website continues recording with the microphone until the camera is re-enabled. **Recommendations** For versions prior to 89, update to version 89 or later to resolve the issue. As a temporary workaround, consider restricting access to the microphone and camera for websites that do not require them to function properly. Avoid using the `camera` and `microphone` permissions in sensitive contexts until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 85 **Description** The issue is related to errors in resource management, potentially allowing a remote attacker to gain unauthorized access to protected information. It could also cause the browser to leak unintended information by transferring a screen sharing state into another tab. **Recommendations** For versions prior to 85, update to version 85 or later to resolve the issue. As a temporary workaround, consider restricting screen sharing functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 84 **Description** The issue is related to memory safety bugs in Firefox, which can lead to memory corruption. With sufficient effort, these bugs could be exploited to run arbitrary code. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Firefox versions prior to 84, update to version 84 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive features until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 74 Firefox ESR versions prior to 68.6 Thunderbird versions prior to 68.6 **Description** A issue exists where websites with camera or microphone permission can enumerate device names, potentially disclosing the user's name, particularly when AirPods are connected to an iPhone and named by default with the user's name. **Recommendations** For Firefox versions prior to 74, update to version 74 or later to resolve the issue. For Firefox ESR versions prior to 68.6, update to version 68.6 or later to resolve the issue. For Thunderbird versions prior to 68.6, update to version 68.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 69 Firefox ESR versions prior to 68.1 **Description** The issue is related to the improper assignment of access permissions for critical resources in Firefox, specifically concerning WebRTC permissions for microphone and camera access. This could potentially allow a remote attacker to gain unauthorized access to information. To mitigate this, Firefox will no longer persist permissions for access to these resources, prompting users for permissions on each use instead. **Recommendations** For Firefox versions prior to 69, update to version 69 or later to resolve the issue. For Firefox ESR versions prior to 68.1, update to version 68.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 50 **Description** Memory safety bugs were reported, showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For versions prior to 50, update to version 50 or later to resolve the issue.