Oskar L

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 147 Firefox ESR versions prior to 115.32 Firefox ESR versions prior to 140.7 **Description** A flaw exists due to an integer overflow within the Graphics component, potentially allowing for a sandbox escape. **Recommendations** Update Firefox to version 147 or later. Update Firefox ESR to version 115.32 or later. Update Firefox ESR to version 140.7 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 147 Firefox ESR versions prior to 115.32 Firefox ESR versions prior to 140.7 **Description** The Graphics component contains incorrect boundary conditions. This could lead to potential remote code execution. **Recommendations** Update Firefox to a version later than 146. Update Firefox ESR to a version later than 115.31. Update Firefox ESR to a version later than 140.6.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 147 Firefox ESR versions prior to 115.32 Firefox ESR versions prior to 140.7 **Description** A security issue exists in the Graphics component due to incorrect boundary conditions, which can lead to a sandbox escape. **Recommendations** Update Firefox to version 147 or later. Update Firefox ESR to version 115.32 or later. Update Firefox ESR to version 140.7 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 147 Firefox ESR versions prior to 140.7 **Description** A sandbox escape exists due to incorrect boundary conditions within the Graphics: CanvasWebGL component. This issue could potentially allow an attacker to bypass security restrictions. **Recommendations** Update Firefox to version 147 or later. Update Firefox ESR to version 140.7 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Firefox ESR versions prior to 115.33 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 **Description** A sandbox escape is possible due to incorrect boundary conditions within the Graphics: WebRender component. This issue could allow an attacker to bypass security restrictions. **Recommendations** Update Firefox to version 148 or later. Update Firefox ESR to version 115.33 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Firefox ESR versions prior to 115.33 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 **Description** A sandbox escape issue exists in the Graphics: WebRender component. This allows a malicious actor to potentially bypass security restrictions and execute code outside of the intended sandbox environment. **Recommendations** Update Firefox to version 148 or later. Update Firefox ESR to version 115.33 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 115.34 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** A race condition and use-after-free issue exists in the Graphics: WebRender component. This can potentially lead to unexpected behavior or crashes. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 115.34 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 145 **Description** A security issue exists in Firefox due to incorrect boundary conditions within the Graphics: WebGPU component, potentially leading to a sandbox escape. The issue was reported by Oskar L. **Recommendations** Update Firefox to version 145 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 145 Firefox ESR versions prior to 140.5 **Description** A same-origin policy bypass exists in the DOM: Workers component. This allows for potential unauthorized access or manipulation of data due to insufficient restrictions on cross-origin interactions. **Recommendations** Update Firefox to version 145 or later. Update Firefox ESR to version 140.5 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 145 **Description** The Graphics: WebGPU component in Firefox contains incorrect boundary conditions. This issue does not have any reported real-world exploitation or estimated number of affected devices. The issue resides within the WebGPU functionality. **Recommendations** Update to Firefox version 145 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 144.0.2 **Description** A compromised child process could trigger a use-after-free in the GPU or browser process through WebGPU-related IPC calls. This could potentially allow for escaping the child process sandbox. **Recommendations** Update to Firefox version 144.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 144 Firefox ESR versions prior to 115.29 Firefox ESR versions prior to 140.4 Thunderbird versions prior to 144 Thunderbird versions prior to 140.4 **Description** A compromised web process utilizing malicious Inter-Process Communication (IPC) messages could potentially lead to the privileged browser process disclosing portions of its memory to the compromised process. IPC is a method used for communication between different processes within an operating system. **Recommendations** Update Firefox to version 144 or later. Update Firefox ESR to version 115.29 or later. Update Firefox ESR to version 140.4 or later. Update Thunderbird to version 144 or later. Update Thunderbird to version 140.4 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 144 Firefox ESR versions prior to 115.29 Firefox ESR versions prior to 140.4 Thunderbird versions prior to 144 Thunderbird versions prior to 140.4 **Description** A compromised web process could trigger out-of-bounds reads and writes in a more privileged process through manipulated WebGL textures. This issue involves the use of WebGL textures to potentially gain unauthorized access to memory regions. **Recommendations** Update Firefox to version 144 or later. Update Firefox ESR to version 115.29 or later. Update Firefox ESR to version 140.4 or later. Update Thunderbird to version 144 or later. Update Thunderbird to version 140.4 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 143.0.3 **Description** The software contains a flaw that can lead to a denial of service. The issue is related to an integer overflow within the Canvas2D component, potentially leading to a sandbox escape. **Recommendations** Update to Firefox version 143.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 143 Firefox ESR versions prior to 140.3 Thunderbird versions prior to 143 Thunderbird versions prior to 140.3 **Description** The software contains a flaw. **Recommendations** Update Firefox to version 143 or later. Update Firefox ESR to version 140.3 or later. Update Thunderbird to version 143 or later. Update Thunderbird to version 140.3 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 143 Firefox ESR versions prior to 140.3 Thunderbird versions prior to 143 Thunderbird versions prior to 140.3 **Description** The software contains a flaw. **Recommendations** Update Firefox to version 143 or later. Update Firefox ESR to version 140.3 or later. Update Thunderbird to version 143 or later. Update Thunderbird to version 140.3 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 146 Firefox ESR versions prior to 115.31 Firefox ESR versions prior to 140.6 **Description** A sandbox escape exists because of incorrect boundary conditions within the Graphics: CanvasWebGL component. Real-world attacks are exploiting access control, HVAC, fire alarms, and UPS systems. **Recommendations** Update Firefox to version 146 or later. Update Firefox ESR to version 115.31 or later. Update Firefox ESR to version 140.6 or later.