Omair

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 99.0.4844.74 Microsoft Edge (affected versions not specified) **Description** The issue is related to a heap buffer overflow in the GPU process when handling HTML content. This could allow a remote attacker to exploit heap corruption via a crafted HTML page, potentially leading to arbitrary code execution or denial of service. **Recommendations** For Google Chrome versions prior to 99.0.4844.74, update to version 99.0.4844.74 or later. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 97.0.4692.71 **Description** The issue is related to a heap buffer overflow in the ANGLE library of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could enable the attacker to execute arbitrary code. **Recommendations** For Google Chrome versions prior to 97.0.4692.71, update to version 97.0.4692.71 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 97.0.4692.71 **Description** The issue is related to a use after free in SwiftShader, which can potentially allow a remote attacker to exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 97.0.4692.71, update to version 97.0.4692.71 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 96.0.4664.93 Microsoft Edge (affected versions not specified) **Description** The issue is related to a heap buffer overflow in the ANGLE library, which can be exploited by a remote attacker via a crafted HTML page, potentially leading to heap corruption. This could allow the attacker to execute arbitrary code or cause a denial of service. **Recommendations** For Google Chrome versions prior to 96.0.4664.93, update to version 96.0.4664.93 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 96.0.4664.110 Microsoft Edge (affected versions not specified) **Description** The issue is related to a heap buffer overflow in the Swiftshader library, which can be exploited by a remote attacker via a crafted HTML page. This could potentially lead to heap corruption, allowing the attacker to execute arbitrary code or cause a denial of service. **Recommendations** For Google Chrome versions prior to 96.0.4664.110, update to version 96.0.4664.110 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 90.0.4430.93 Microsoft Edge (affected versions not specified) **Description** The issue is related to a heap buffer overflow in the ANGLE library used by Google Chrome and Microsoft Edge. This could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page, potentially leading to arbitrary code execution. **Recommendations** For Google Chrome versions prior to 90.0.4430.93, update to version 90.0.4430.93 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Firefox ESR versions prior to 78.10 Thunderbird versions prior to 78.10 Firefox versions prior to 88 Description: The issue is related to a WebGL component, specifically a framebuffer that was not initialized early enough, resulting in memory corruption and an out of bounds write. This can lead to arbitrary code execution by a remote attacker. Recommendations: For Firefox ESR versions prior to 78.10, update to version 78.10 or later. For Thunderbird versions prior to 78.10, update to version 78.10 or later. For Firefox versions prior to 88, update to version 88 or later.

Name of the Vulnerable Software and Affected Versions: Firefox ESR versions prior to 78.9 Firefox versions prior to 87 Thunderbird versions prior to 78.9 Description: A texture upload of a Pixel Buffer Object could confuse the WebGL code, leading to memory corruption and potentially causing an information leak or crash. Recommendations: For Firefox ESR versions prior to 78.9, update to version 78.9 or later. For Firefox versions prior to 87, update to version 87 or later. For Thunderbird versions prior to 78.9, update to version 78.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 84 Thunderbird versions prior to 78.6 Firefox ESR versions prior to 78.6 **Description** The issue arises from certain blit values provided by the user not being properly constrained, leading to a heap buffer overflow on some video drivers. **Recommendations** For Firefox versions prior to 84, update to version 84 or later. For Thunderbird versions prior to 78.6, update to version 78.6 or later. For Firefox ESR versions prior to 78.6, update to version 78.6 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Thunderbird versions prior to 78.9 Mozilla Firefox ESR versions prior to 78.9 **Description** The issue is related to an out-of-date graphics library, Angle, which may contain vulnerabilities. It is associated with insufficient input validation in the ANGLE library of Mozilla Firefox ESR and the Thunderbird email client. Exploitation of this issue could allow a remote attacker to execute arbitrary code or cause a denial of service. **Recommendations** For Mozilla Thunderbird versions prior to 78.9, update to version 78.9 or later. For Mozilla Firefox ESR versions prior to 78.9, update to version 78.9 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 75.0.3770.80 **Description** The issue is related to a heap buffer overflow in the ANGLE component of Google Chrome, which can be exploited by a remote attacker through a specially crafted HTML page. This could potentially lead to data corruption, denial of service, or unauthorized access to sensitive information. **Recommendations** For versions prior to 75.0.3770.80, update to version 75.0.3770.80 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious HTML pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions (affected versions not specified) Office 365 ProPlus versions (affected versions not specified) Microsoft Office versions (affected versions not specified) **Description** An information disclosure issue exists due to improper memory handling in Microsoft Excel. This could allow a remote attacker to access protected information by using a specially crafted file. The exploitation involves an attacker crafting a special document file and convincing the user to open it, potentially compromising the user's computer or data. The attacker must be aware of the memory address location where the object was created. **Recommendations** For Microsoft Excel, consider restricting the use of specially crafted XLS files until a patch is available. For Office 365 ProPlus, avoid opening untrusted document files to minimize the risk of exploitation. For Microsoft Office, as a temporary workaround, consider disabling the ability to open specially crafted files until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions prior to the fixed version Office 365 ProPlus versions prior to the fixed version Microsoft Office versions prior to the fixed version **Description** A remote code execution issue exists in Microsoft Excel due to improper handling of objects in memory. This could allow an attacker to run arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Excel. **Recommendations** For Microsoft Excel, update to a version that includes the fix for this issue. For Office 365 ProPlus, update to a version that includes the fix for this issue. For Microsoft Office, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of specially crafted files with affected versions of Microsoft Excel until a patch is available.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 64 Description: A buffer overflow occurs in the VertexBuffer11 module of the Firefox browser when using the ANGLE graphics library for WebGL content. This can result in a potentially exploitable crash, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. Recommendations: For versions prior to 64, update to version 64 or later to resolve the issue. As a temporary workaround, consider disabling WebGL content until a patch is available. Restrict access to the VertexBuffer11 module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 70.0.3538.67 **Description** The issue is caused by incorrect texture handling in the Angle library, leading to an out-of-bounds memory read. This can be exploited by a remote attacker using a specially crafted HTML page, potentially allowing them to execute arbitrary code, cause a denial of service, or disclose sensitive information. **Recommendations** For Google Chrome versions prior to 70.0.3538.67, update to version 70.0.3538.67 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 68.0.3440.75 **Description** The issue is related to improper deserialization in the WebGL component of Google Chrome, which can be exploited by a remote attacker using a crafted HTML page. This can potentially lead to heap corruption. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 68.0.3440.75, update to version 68.0.3440.75 or later to resolve the issue. As a temporary workaround, consider disabling WebGL functionality until a patch is available. Restrict access to potentially malicious HTML pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 11.4.1 Apple tvOS versions prior to 11.4.1 Apple Safari versions prior to 11.1.2 Apple iTunes for Windows versions prior to 12.8 Apple iCloud for Windows versions prior to 7.6 **Description** The issue is related to multiple memory corruption problems that have been addressed through improved memory handling. **Recommendations** For iOS versions prior to 11.4.1, update to iOS 11.4.1 or later. For tvOS versions prior to 11.4.1, update to tvOS 11.4.1 or later. For Safari versions prior to 11.1.2, update to Safari 11.1.2 or later. For iTunes for Windows versions prior to 12.8, update to iTunes 12.8 or later. For iCloud for Windows versions prior to 7.6, update to iCloud for Windows 7.6 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel (affected versions not specified) **Description** The issue is caused by an out-of-bounds access in memory, allowing a remote attacker to execute arbitrary code using a specially crafted XLS file. Exploitation of the vulnerability requires a user to open the malicious file with an affected version of Microsoft Excel. If successfully exploited, an attacker could run arbitrary code in the context of the current user, potentially taking control of the affected system, installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) Microsoft Excel (affected versions not specified) **Description** An information disclosure issue exists due to improper memory content disclosure by Microsoft Excel. This could allow an attacker to compromise a user's computer or data by exploiting the vulnerability. To exploit this, an attacker would need to craft a special document file and convince a user to open it, requiring knowledge of the memory address location where the object was created. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 11.3 Apple Safari versions prior to 11.1 Apple iCloud versions prior to 7.4 on Windows Apple iTunes versions prior to 12.7.4 on Windows Apple tvOS versions prior to 11.3 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site, resulting in memory corruption and application crash. **Recommendations** For iOS versions prior to 11.3, update to version 11.3 or later. For Safari versions prior to 11.1, update to version 11.1 or later. For iCloud versions prior to 7.4 on Windows, update to version 7.4 or later. For iTunes versions prior to 12.7.4 on Windows, update to version 12.7.4 or later. For tvOS versions prior to 11.3, update to version 11.3 or later.