Nathan Froyd

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 71 Firefox ESR versions prior to 68.3 Thunderbird versions prior to 68.3 **Description** The issue is related to a memory safety bug that can be exploited by a remote attacker to access sensitive data, compromise data integrity, and cause a denial of service. The bug is associated with the lack of input size validation, allowing for potential memory corruption. It is presumed that with sufficient effort, some of these bugs could have been exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 71, update to version 71 or later to resolve the issue. For Firefox ESR versions prior to 68.3, update to version 68.3 or later to resolve the issue. For Thunderbird versions prior to 68.3, update to version 68.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 69 Firefox ESR versions prior to 60.9 and prior to 68.1 Thunderbird versions prior to 60.9 and prior to 68.1 **Description** The issue is related to a buffer overflow, where an operation exceeds the boundaries of a memory buffer. This can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability is due to memory safety bugs, some of which have shown evidence of memory corruption. It is presumed that these bugs could be exploited to run arbitrary code with sufficient effort. **Recommendations** For Firefox versions prior to 69, update to version 69 or later. For Firefox ESR versions prior to 60.9, update to version 60.9 or later. For Firefox ESR versions prior to 68.1, update to version 68.1 or later. For Thunderbird versions prior to 60.9, update to version 60.9 or later. For Thunderbird versions prior to 68.1, update to version 68.1 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 58 Firefox ESR versions prior to 52.6 Thunderbird versions prior to 52.6 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. This is due to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 58, update to version 58 or later. For Firefox ESR versions prior to 52.6, update to version 52.6 or later. For Thunderbird versions prior to 52.6, update to version 52.6 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 52 Firefox ESR versions prior to 45.8 Thunderbird versions prior to 52 Thunderbird versions prior to 45.8 **Description** Memory safety bugs were reported, showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 52, update to version 52 or later. For Firefox ESR versions prior to 45.8, update to version 45.8 or later. For Thunderbird versions prior to 52, update to version 52 or later. For Thunderbird versions prior to 45.8, update to version 45.8 or later.