Mingijung

Researcher from WebSec Lab
#15745 of 53,625
17.2 Total CVSS
Vulnerabilities · 2
High
2
PT-2026-3682
7.8
2026-01-20
Oracle · Graalvm For Jdk 17.0.17 · CVE-2026-21932
**Name of the Vulnerable Software and Affected Versions**

- Oracle Java SE versions 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1
- Oracle GraalVM for JDK versions 17.0.17 and 21.0.9
- Oracle GraalVM Enterprise Edition version 21.3.16

**Description**

An easily exploitable issue exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition, specifically within the AWT and JavaFX components. An unauthenticated attacker with network access, utilizing multiple protocols, can compromise the software. Successful exploitation requires interaction from a user other than the attacker. The issue primarily affects Java deployments that load and execute untrusted code, such as Java Web Start applications or applets relying on the Java sandbox for security. Exploitation may lead to unauthorized modification, creation, or deletion of critical data accessible by Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition.

**Recommendations**

- Oracle Java SE version 8u471-b50 should be updated.
- Oracle Java SE version 8u471 should be updated.
- Oracle Java SE version 8u471-perf should be updated.
- Oracle Java SE version 11.0.29 should be updated.
- Oracle Java SE version 17.0.17 should be updated.
- Oracle Java SE version 21.0.9 should be updated.
- Oracle Java SE version 25.0.1 should be updated.
- Oracle GraalVM for JDK version 17.0.17 should be updated.
- Oracle GraalVM for JDK version 21.0.9 should be updated.
- Oracle GraalVM Enterprise Edition version 21.3.16 should be updated.