Marten Richter

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 131 Firefox ESR versions prior to 128.3 Thunderbird versions prior to 128.3 Thunderbird versions prior to 131 **Description** The issue is related to errors in resource release, which can be exploited by a remote attacker to cause a denial of service condition. A website configured to initiate a specially crafted WebTransport session could crash the Firefox process. **Recommendations** For Firefox versions prior to 131, update to version 131 or later to resolve the issue. For Firefox ESR versions prior to 128.3, update to version 128.3 or later to resolve the issue. For Thunderbird versions prior to 128.3, update to version 128.3 or later to resolve the issue. For Thunderbird versions prior to 131, update to version 131 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 127.0.6533.88 Microsoft Edge (affected versions not specified) **Description** The issue is related to an out of bounds read in WebTransport, allowing a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. This could enable an attacker to execute arbitrary code. The severity of this issue is considered High. **Recommendations** For Google Chrome versions prior to 127.0.6533.88, update to version 127.0.6533.88 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.