Mozilla · Thunderbird · CVE-2022-38476
**Name of the Vulnerable Software and Affected Versions**
Firefox ESR versions prior to 102.2
Thunderbird versions prior to 102.2
**Description**
A data race could occur in the `PK11_ChangePW` function, potentially leading to a use-after-free issue. This affects the protection of data when a user changes their master password. The vulnerability may allow a remote attacker to cause a denial of service.
**Recommendations**
For Firefox ESR versions prior to 102.2, update to version 102.2 or later.
For Thunderbird versions prior to 102.2, update to version 102.2 or later.
As a temporary workaround, consider disabling the `PK11_ChangePW` function until a patch is available.