Ljp

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Firefox ESR versions prior to 115.25 Firefox ESR versions prior to 128.12 Description: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. Recommendations: For Firefox versions prior to 140, update to version 140 or later. For Firefox ESR versions prior to 115.25, update to version 115.25 or later. For Firefox ESR versions prior to 128.12, update to version 128.12 or later.

**Name of the Vulnerable Software and Affected Versions** TP-Link Omada ER605 (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. The specific flaw exists within the handling of DHCP options, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Authentication is not required to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.