Jeff Gilbert

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 75 Firefox ESR versions prior to 68.7 Thunderbird versions prior to 68.7.0 **Description** The issue is related to the WebGL's `copyTexSubImage` method, where reading from areas outside the source resource could lead to potentially sensitive data disclosure due to uninitialized memory. This could result in the exposure of sensitive information. **Recommendations** For Firefox versions prior to 75, update to version 75 or later. For Firefox ESR versions prior to 68.7, update to version 68.7 or later. For Thunderbird versions prior to 68.7.0, update to version 68.7.0 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 68 Firefox ESR versions prior to 60.8 Thunderbird versions prior to 60.8 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. The vulnerability is associated with a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 68, update to version 68 or later. For Firefox ESR versions prior to 60.8, update to version 60.8 or later. For Thunderbird versions prior to 60.8, update to version 60.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 68 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. It is also described as a buffer data boundary operation vulnerability, where exploitation could allow a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 68, update to version 68 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and minimizing browser usage until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 66 **Description** The issue allows malicious third-party applications to potentially execute a man-in-the-middle attack on Android systems by loading a library from a writable location. This could be achieved if malicious code is written to that location and loaded by Firefox. The issue is specific to Android systems, with other operating systems being unaffected. **Recommendations** For versions prior to 66, update to version 66 or later to resolve the issue. As a temporary workaround, consider restricting access to the APITRACE LIB location to prevent malicious code from being loaded.