Kershaw Chang

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 125 Firefox ESR versions prior to 115.12 Thunderbird versions prior to 115.12 Description: The issue is related to memory corruption in the networking stack, potentially leading to a crash. It is also described as a use-after-free vulnerability, which could allow a remote attacker to cause a denial of service. Recommendations: For Firefox versions prior to 125, update to version 125 or later. For Firefox ESR versions prior to 115.12, update to version 115.12 or later. For Thunderbird versions prior to 115.12, update to version 115.12 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions 109 and earlier Firefox ESR versions 102.7 and earlier **Description** The issue is related to memory safety bugs, which have shown evidence of memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code. The vulnerability is also described as a buffer overflow due to lack of input size validation, allowing a remote attacker to execute arbitrary code on the target system. **Recommendations** For Firefox versions 109 and earlier, update to version 110 or later. For Firefox ESR versions 102.7 and earlier, update to version 102.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 98 **Description** The issue is related to memory safety bugs present in Firefox, which showed evidence of memory corruption. It is presumed that with enough effort, some of these bugs could have been exploited to run arbitrary code. The vulnerability can be exploited by a remote attacker using a specially crafted malicious web page, potentially allowing them to execute arbitrary code. **Recommendations** For versions prior to 98, update to version 98 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 96 Firefox ESR versions prior to 91.5 Thunderbird versions prior to 91.5 **Description** The issue is related to memory safety bugs present in the software, which can lead to memory corruption. With sufficient effort, these bugs could be exploited to run arbitrary code. The vulnerability is associated with incorrect limitation of operations within the bounds of a memory buffer when processing HTML content. This could allow a remote attacker to cause memory damage and execute arbitrary code on the target system. **Recommendations** For Firefox versions prior to 96, update to version 96 or later. For Firefox ESR versions prior to 91.5, update to version 91.5 or later. For Thunderbird versions prior to 91.5, update to version 91.5 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 91 **Description** The issue is related to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. It is associated with memory safety bugs that showed evidence of memory corruption, which could potentially be exploited. **Recommendations** For versions prior to 91, update to version 91 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources until the update is applied.