Maurice Dauer

**Name of the Vulnerable Software and Affected Versions** Firefox version 150.0.1 Firefox ESR version 140.10.1 Firefox ESR version 115.35.1 **Description** Memory safety bugs exist that exhibit evidence of memory corruption, which could potentially be exploited to execute arbitrary code. **Recommendations** Update Firefox 150.0.1 to version 150.0.2. Update Firefox ESR 140.10.1 to version 140.10.2. Update Firefox ESR 115.35.1 to version 115.35.2.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR version 140.9 Thunderbird ESR version 140.9 Firefox version 149 Thunderbird version 149 **Description** Memory safety bugs involving memory corruption could allow an attacker to run arbitrary code. **Recommendations** Update Firefox ESR to version 140.10. Update Thunderbird ESR to version 140.10. Update Firefox to version 150. Update Thunderbird to version 150.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 147 Thunderbird versions prior to 147 **Description** The software contains memory safety bugs that could potentially lead to arbitrary code execution. Some of these bugs demonstrate evidence of memory corruption. **Recommendations** Update Firefox to version 147 or later. Update Thunderbird to version 147 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird ESR versions prior to 140.8 **Description** The software contains memory safety bugs that exhibit evidence of memory corruption. It is presumed that, with sufficient effort, these bugs could be exploited to execute arbitrary code. **Recommendations** Update Firefox to version 148 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird ESR to version 140.8 or later.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 142 Thunderbird versions prior to 142 Description: Memory safety bugs are present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption, and it is presumed that with sufficient effort, some of them could have been exploited to run arbitrary code. Recommendations: Update Firefox to version 142 or later. Update Thunderbird to version 142 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 137.0.7151.55 **Description** The issue is related to an inappropriate implementation in the Background Fetch API, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This could potentially expose sensitive information. **Recommendations** For versions prior to 137.0.7151.55, update to version 137.0.7151.55 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 138 Firefox ESR versions prior to 128.10 Thunderbird versions prior to 138 Thunderbird ESR versions prior to 128.10 **Description** Memory safety bugs are present, showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 138, update to version 138 or later. For Firefox ESR versions prior to 128.10, update to version 128.10 or later. For Thunderbird versions prior to 138, update to version 138 or later. For Thunderbird ESR versions prior to 128.10, update to version 128.10 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 135 Firefox ESR versions prior to 128.7 Thunderbird versions prior to 128.7 Thunderbird versions prior to 135 **Description** Memory safety bugs have been detected in Firefox and Thunderbird, showing evidence of memory corruption. It is presumed that with sufficient effort, some of these bugs could have been exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 135, update to version 135 or later. For Firefox ESR versions prior to 128.7, update to version 128.7 or later. For Thunderbird versions prior to 128.7, update to version 128.7 or later. For Thunderbird versions prior to 135, update to version 135 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 105.0.5195.52 Microsoft Edge (affected versions not specified) **Description** The issue is related to insufficient policy enforcement in the Extensions API, which could allow an attacker to bypass existing security restrictions. This could be achieved by convincing a user to install a malicious extension and then using a crafted HTML page to circumvent downloads policy. **Recommendations** For Google Chrome versions prior to 105.0.5195.52, update to version 105.0.5195.52 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 104.0.5112.79 **Description** The issue is related to insufficient policy enforcement in the Background Fetch component of Google Chrome and Microsoft Edge browsers. This can be exploited by a remote attacker using a specially crafted web page to leak protected information. The exploitation allows the attacker to disclose cross-origin data. **Recommendations** For Google Chrome versions prior to 104.0.5112.79, update to version 104.0.5112.79 or later to resolve the issue. At the moment, there is no information about a fix for Microsoft Edge.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 104.0.5112.79 **Description** The issue is related to insufficient policy enforcement in cookies, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This can be exploited by a specially designed website, potentially revealing protected information. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For Google Chrome versions prior to 104.0.5112.79, update to version 104.0.5112.79 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information when using affected versions of Google Chrome.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 96.0.4664.45 **Description** The issue is related to insufficient policy enforcement in CORS, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This can enable the attacker to bypass security restrictions and gain unauthorized access to protected information. **Recommendations** For versions prior to 96.0.4664.45, update to version 96.0.4664.45 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 100.0.4896.60 **Description** The issue is related to an inappropriate implementation in the Background Fetch API, which allowed a remote attacker to leak cross-origin data via a crafted HTML page. This could enable an attacker to gain unauthorized access to protected information. The vulnerability is associated with incorrectly implemented security checks for standard elements. **Recommendations** For Google Chrome versions prior to 100.0.4896.60, update to version 100.0.4896.60 or later to resolve the issue. As a temporary workaround, consider restricting access to the Background Fetch API until a patch is applied. Avoid using the Background Fetch API in sensitive operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 96.0.4664.45 **Description** The issue is related to insufficient policy enforcement in the background fetch feature, allowing a remote attacker to bypass the same origin policy. This can be achieved via a crafted HTML page, potentially leading to unauthorized access to protected information. **Recommendations** For versions prior to 96.0.4664.45, update to version 96.0.4664.45 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 94.0.4606.54 **Description** The issue is related to an inappropriate implementation in the Background Fetch API, which can allow a remote attacker to leak cross-origin data via a crafted HTML page. This can lead to unauthorized access to protected information. **Recommendations** For versions prior to 94.0.4606.54, update to version 94.0.4606.54 or later to resolve the issue. As a temporary workaround, consider restricting access to the Background Fetch API until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 94.0.4606.54 **Description** The issue is related to an inappropriate implementation in the Background Fetch API, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This could enable an attacker to gain unauthorized access to protected information. **Recommendations** For versions prior to 94.0.4606.54, update to version 94.0.4606.54 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data when using the Background Fetch API until the update is applied.