Mirko Brodesser

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 141 Thunderbird versions prior to 128.13 Firefox versions prior to 141 Firefox ESR versions prior to 128.13 Firefox ESR versions prior to 140.1 **Description** Thunderbird and Firefox are affected by a flaw where `javascript:` URLs are executed when used within `object` and `embed` tags. **Recommendations** Update Thunderbird to version 141 or later. Update Firefox to version 141 or later. Update Firefox ESR to version 128.13 or later. Update Firefox ESR to version 140.1 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 71 Firefox ESR versions prior to 68.3 Thunderbird versions prior to 68.3 **Description** The issue is related to a serialization mechanism in the affected software, where a lack of input size validation leads to a potential buffer overflow. This could result in memory corruption and a crash, potentially allowing a remote attacker to gain unauthorized access to confidential data, cause a denial of service, or impact data integrity. **Recommendations** For Firefox versions prior to 71, update to version 71 or later. For Firefox ESR versions prior to 68.3, update to version 68.3 or later. For Thunderbird versions prior to 68.3, update to version 68.3 or later.