Josh Aas

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** A use-after-free issue exists in the Widget: Cocoa component. This can potentially lead to unexpected behavior or crashes. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** An information disclosure issue exists in the Widget: Cocoa component. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.6.x through 3.6.22 **Description** The issue is related to an unspecified vulnerability in the plugin API, allowing remote attackers to cause a denial of service, which includes memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions 3.6.x through 3.6.22, update to version 3.6.23 or later to resolve the issue.