Julian Hector

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 95 Firefox ESR versions prior to 91.4.0 Thunderbird versions prior to 91.4.0 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code with sufficient effort. It is also described as a buffer overflow vulnerability in memory, allowing a remote attacker to execute arbitrary code or cause a denial of service. **Recommendations** For Firefox versions prior to 95, update to version 95 or later. For Firefox ESR versions prior to 91.4.0, update to version 91.4.0 or later. For Thunderbird versions prior to 91.4.0, update to version 91.4.0 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 60 Firefox ESR versions prior to 52.8 Thunderbird versions prior to 52.8 Thunderbird ESR versions prior to 52.8 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. This is due to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 60, update to version 60 or later. For Firefox ESR versions prior to 52.8, update to version 52.8 or later. For Thunderbird versions prior to 52.8, update to version 52.8 or later. For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 54 Firefox ESR versions prior to 52.2 Thunderbird versions prior to 52.2 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. The vulnerability is associated with a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 54, update to version 54 or later. For Firefox ESR versions prior to 52.2, update to version 52.2 or later. For Thunderbird versions prior to 52.2, update to version 52.2 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 52.1 Firefox versions prior to 53 **Description** The issue allows bypassing file system access protections in the sandbox. This is achieved through the file system request constructor using an IPC message, enabling read and write access to the local file system. **Recommendations** For Firefox ESR versions prior to 52.1, update to version 52.1 or later. For Firefox versions prior to 53, update to version 53 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 52 Thunderbird versions prior to 52 **Description** Memory safety bugs were reported, showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 52, update to version 52 or later. For Thunderbird versions prior to 52, update to version 52 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox OS versions prior to 2.2 **Description** The issue is related to an integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function, which can lead to a denial of service due to memory corruption. This can be triggered by a negative value of a size parameter, potentially allowing remote attackers to cause a denial of service. **Recommendations** For versions prior to 2.2, update to version 2.2 or later to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.