Nils

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 20.0a1 and earlier **Description** The issue is related to event handling with frames, allowing remote attackers to cause a denial of service, which results in a crash. **Recommendations** For Mozilla Firefox versions 20.0a1 and earlier, update to a version later than 20.0a1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 71 Firefox ESR versions prior to 68.3 Thunderbird versions prior to 68.3 **Description** The issue is related to an error in extracting a document from DocShell, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. **Recommendations** For Firefox versions prior to 71, update to version 71 or later to resolve the issue. For Firefox ESR versions prior to 68.3, update to version 68.3 or later to resolve the issue. For Thunderbird versions prior to 68.3, update to version 68.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 70 Firefox ESR versions prior to 68.2 Thunderbird versions prior to 68.2 **Description** A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling, resulting in a potentially exploitable crash in some instances. This issue may allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For Firefox versions prior to 70, update to version 70 or later. For Firefox ESR versions prior to 68.2, update to version 68.2 or later. For Thunderbird versions prior to 68.2, update to version 68.2 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 68.3 Firefox ESR versions prior to 68.3 Firefox versions prior to 71 **Description** The issue is related to a race condition that could cause a use-after-free, potentially leading to a crash. This occurs when checking the Resist Fingerprinting preference during device orientation checks. The vulnerability may allow a remote attacker to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity. **Recommendations** For Thunderbird versions prior to 68.3, update to version 68.3 or later. For Firefox ESR versions prior to 68.3, update to version 68.3 or later. For Firefox versions prior to 71, update to version 71 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 69 Thunderbird versions prior to 68.1 Thunderbird versions prior to 60.9 Firefox ESR versions prior to 60.9 Firefox ESR versions prior to 68.1 **Description** A use-after-free issue can occur when manipulating video elements, potentially leading to a crash. This issue may allow a remote attacker to access confidential data, compromise data integrity, or cause a denial of service. **Recommendations** For Firefox versions prior to 69, update to version 69 or later. For Thunderbird versions prior to 68.1, update to version 68.1 or later. For Thunderbird versions prior to 60.9, update to version 60.9 or later. For Firefox ESR versions prior to 60.9, update to version 60.9 or later. For Firefox ESR versions prior to 68.1, update to version 68.1 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 60.7 Firefox versions prior to 67 Firefox ESR versions prior to 60.7 **Description** A use-after-free issue can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This issue allows a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For Thunderbird versions prior to 60.7, update to version 60.7 or later. For Firefox versions prior to 67, update to version 67 or later. For Firefox ESR versions prior to 60.7, update to version 60.7 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 67 Firefox ESR versions prior to 60.7 Thunderbird versions prior to 60.7 **Description** A use-after-free issue can occur in the chrome event handler when it is freed while still in use, resulting in a potentially exploitable crash. The vulnerability is related to a use-after-free error, which means that the software attempts to access memory that has already been freed. This can lead to a crash, potentially allowing a remote attacker to cause a denial of service during API handling. **Recommendations** For Firefox versions prior to 67, update to version 67 or later to resolve the issue. For Firefox ESR versions prior to 60.7, update to version 60.7 or later to resolve the issue. For Thunderbird versions prior to 60.7, update to version 60.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 67 Firefox ESR versions prior to 60.7 Thunderbird versions prior to 60.7 **Description** A use-after-free issue can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash, allowing a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For Firefox versions prior to 67, update to version 67 or later to resolve the issue. For Firefox ESR versions prior to 60.7, update to version 60.7 or later to resolve the issue. For Thunderbird versions prior to 60.7, update to version 60.7 or later to resolve the issue. As a temporary workaround, consider disabling the use of `XMLHttpRequest` (XHR) in event loops until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 67 Firefox ESR versions prior to 60.7 Thunderbird versions prior to 60.7 **Description** The issue is related to a JavaScript compartment mismatch that can occur while working with the `fetch API`, potentially leading to a crash. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Firefox versions prior to 67, update to version 67 or later to resolve the issue. For Firefox ESR versions prior to 60.7, update to version 60.7 or later to resolve the issue. For Thunderbird versions prior to 60.7, update to version 60.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 67 **Description** A use-after-free issue can occur in the AssertWorkerThread due to a race condition with shared workers, resulting in a potentially exploitable crash. This issue may allow a remote attacker to access sensitive data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 67, update to version 67 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 60.6 Firefox ESR versions prior to 60.6 Firefox versions prior to 66 **Description** A use-after-free issue occurs due to the SMIL animation controller incorrectly registering with the refresh driver twice. This leaves a dangling pointer to the driver's observer array when the animation controller element is removed, potentially allowing a remote attacker to gain unauthorized access to information and compromise its integrity. **Recommendations** For Thunderbird versions prior to 60.6, update to version 60.6 or later. For Firefox ESR versions prior to 60.6, update to version 60.6 or later. For Firefox versions prior to 66, update to version 66 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 60.6 Firefox ESR versions prior to 60.6 Firefox versions prior to 66 **Description** The issue is related to a type-confusion problem in the IonMonkey just-in-time compiler. It can be exploited by a remote attacker using a specially crafted JavaScript object, potentially leading to a crash. **Recommendations** For Thunderbird versions prior to 60.6, update to version 60.6 or later. For Firefox ESR versions prior to 60.6, update to version 60.6 or later. For Firefox versions prior to 66, update to version 66 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 65 **Description** The issue is related to a compartment mismatch that may occur when JavaScript is used to create and manipulate an audio buffer, potentially leading to a crash. It is also associated with resource release errors in the Audio Buffer component. An attacker could exploit this issue by using a specially crafted web page to cause a denial of service. **Recommendations** For versions prior to 65, update to version 65 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 64 Firefox ESR versions prior to 60.4 Thunderbird versions prior to 60.4 **Description** A use-after-free issue can occur due to a weak reference to the select element in the options collection after deleting a selection element, resulting in a potentially exploitable crash. This issue may allow a remote attacker to execute arbitrary code or cause a denial of service. **Recommendations** For Firefox versions prior to 64, update to version 64 or later. For Firefox ESR versions prior to 60.4, update to version 60.4 or later. For Thunderbird versions prior to 60.4, update to version 60.4 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 63 Firefox ESR versions prior to 60.3 Thunderbird versions prior to 60.3 **Description** The issue is related to poor event handling when manipulating user events in nested loops while opening a document through a script, potentially leading to a crash. This situation can be exploited to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Firefox versions prior to 63, update to version 63 or later to resolve the issue. For Firefox ESR versions prior to 60.3, update to version 60.3 or later to resolve the issue. For Thunderbird versions prior to 60.3, update to version 60.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 62 Firefox ESR versions prior to 60.2 Thunderbird versions prior to 60.2.1 **Description** A use-after-free issue can occur when refresh driver timers are refreshed under certain circumstances during shutdown, potentially leading to a crash. This issue may allow a remote attacker to execute arbitrary code or cause the application to crash. **Recommendations** For Firefox versions prior to 62, update to version 62 or later. For Firefox ESR versions prior to 60.2, update to version 60.2 or later. For Thunderbird versions prior to 60.2.1, update to version 60.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 60 Thunderbird versions prior to 52.9 Firefox ESR versions prior to 60.1 Firefox ESR versions prior to 52.9 Firefox versions prior to 61 **Description** A use-after-free issue can occur when a script uses mutation events to move DOM nodes between documents. This results in the old document that held the node being freed, but the node still having a pointer referencing it, leading to a potentially exploitable crash. The vulnerability is related to the use of memory after it has been freed, which can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Thunderbird versions prior to 60, update to version 60 or later. For Thunderbird versions prior to 52.9, update to version 52.9 or later. For Firefox ESR versions prior to 60.1, update to version 60.1 or later. For Firefox ESR versions prior to 52.9, update to version 52.9 or later. For Firefox versions prior to 61, update to version 61 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 60 Thunderbird versions prior to 52.9 Firefox ESR versions prior to 60.1 Firefox ESR versions prior to 52.9 Firefox versions prior to 61 **Description** A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. The issue is related to the rendering of canvas content and may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Thunderbird versions prior to 60, update to version 60 or later. For Thunderbird versions prior to 52.9, update to version 52.9 or later. For Firefox ESR versions prior to 60.1, update to version 60.1 or later. For Firefox ESR versions prior to 52.9, update to version 52.9 or later. For Firefox versions prior to 61, update to version 61 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 60 Thunderbird versions prior to 52.9 Firefox ESR versions prior to 60.1 Firefox ESR versions prior to 52.9 Firefox versions prior to 61 **Description** A use-after-free issue can occur when an input element is deleted during a mutation event handler triggered by focusing that element, resulting in a potentially exploitable crash. The vulnerability is related to the use of memory after it has been freed, which could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information by deleting an input element during event handling. **Recommendations** For Thunderbird versions prior to 60, update to version 60 or later. For Thunderbird versions prior to 52.9, update to version 52.9 or later. For Firefox ESR versions prior to 60.1, update to version 60.1 or later. For Firefox ESR versions prior to 52.9, update to version 52.9 or later. For Firefox versions prior to 61, update to version 61 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 61 Firefox ESR versions prior to 60.1 Firefox ESR versions prior to 52.9 Thunderbird versions prior to 60 **Description** The issue is related to the media stream recording mechanism in web browsers and email clients, where stream data is cast to the wrong type, potentially causing a crash. This can be exploited by a remote attacker to cause a denial of service by changing the media source type during recording. **Recommendations** For Firefox versions prior to 61, update to version 61 or later to resolve the issue. For Firefox ESR versions prior to 60.1, update to version 60.1 or later to resolve the issue. For Firefox ESR versions prior to 52.9, update to version 52.9 or later to resolve the issue. For Thunderbird versions prior to 60, update to version 60 or later to resolve the issue.