Kevin Brosnan

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 150.0.2 Firefox ESR versions prior to 140.10.2 Firefox ESR versions prior to 115.35.2 **Description** A use-after-free issue exists in the DOM: Networking component. Use-after-free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed. **Recommendations** Update to version 150.0.2 Update to ESR version 140.10.2 Update to ESR version 115.35.2

Name of the Vulnerable Software and Affected Versions: Firefox Focus versions prior to 142 Description: A spoofing issue exists in the Address Bar component of Firefox Focus for Android. Recommendations: Update Firefox Focus to version 142 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 124 Firefox ESR versions prior to 115.9 Thunderbird versions prior to 115.9 **Description** The issue is related to memory safety bugs, which have shown evidence of memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code. The vulnerability can be exploited by a remote attacker using a specially crafted web page, potentially allowing them to execute arbitrary code. **Recommendations** For Firefox versions prior to 124, update to version 124 or later. For Firefox ESR versions prior to 115.9, update to version 115.9 or later. For Thunderbird versions prior to 115.9, update to version 115.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 93 Firefox ESR versions prior to 91.2 Thunderbird versions prior to 91.2 **Description** The issue is caused by memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code with enough effort. It is also described as a buffer overflow vulnerability that may allow a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 93, update to version 93 or later. For Firefox ESR versions prior to 91.2, update to version 91.2 or later. For Thunderbird versions prior to 91.2, update to version 91.2 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 83 **Description** The issue is related to a missing service initialization in OneCRL, which could result in a failure to enforce some certificate revocations. This problem only affects Firefox for Android, with other operating systems being unaffected. **Recommendations** For versions prior to 83, update to version 83 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 70 **Description** The issue is related to a security policy vulnerability in the Firefox web browser, which is connected to an insufficient input validation mechanism. This could allow a remote attacker to impact data integrity due to the use of the HTTP protocol. Additionally, if the upgrade-insecure-requests directive was specified in the Content Security Policy and a link was dragged and dropped from that page, the link was not upgraded to HTTPS. **Recommendations** For Firefox versions prior to 70, update to version 70 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the HTTP protocol for sensitive data until the update is applied. Restrict access to unsecured links to minimize the risk of exploitation.