Q1

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 151 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11 **Description** An integer overflow exists in the Widget: Win32 component. An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of bits. **Recommendations** Update to version 151 Update to version 140.11 Update to version 151 Update to version 140.11

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 45.0 **Description** The issue is related to a use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation. This could allow remote attackers to cause a denial of service or possibly have other unspecified impacts via unknown vectors. **Recommendations** For versions prior to 45.0, update to version 45.0 or later to resolve the issue. As a temporary workaround, consider disabling WebRTC functionality until a patch is available. Restrict access to WebRTC-related features to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 45.0 **Description** The issue is related to multiple race conditions in the WebRTC implementation, specifically in the dom/media/systemservices/CamerasChild.cpp file. These race conditions might allow remote attackers to cause a denial of service, potentially resulting in memory corruption, or possibly have other unspecified impacts. The exact vectors for exploitation are unknown. **Recommendations** For versions prior to 45.0, update to version 45.0 or later to resolve the issue. As a temporary workaround, consider disabling the WebRTC implementation until a patch is available. Restrict access to the CamerasChild.cpp functionality to minimize the risk of exploitation. Avoid using the affected WebRTC features in Mozilla Firefox until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 45.0 **Description** The issue is caused by an integer underflow in the `srtp unprotect` function in the WebRTC implementation. This could allow a remote attacker to cause a denial of service, potentially resulting in memory corruption, or have other unspecified impacts. **Recommendations** For versions prior to 45.0, update to version 45.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of WebRTC functionality until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 45.0 **Description** The issue is related to the I420VideoFrame::CreateFrame function in the WebRTC implementation, which omits an unspecified status check. This could allow remote attackers to cause a denial of service, potentially through memory corruption, or have other unknown impacts. The vulnerability is also described as a buffer overflow issue in the same function. **Recommendations** For versions prior to 45.0, update to version 45.0 or later to resolve the issue. As a temporary workaround, consider disabling the WebRTC implementation until a patch is available. Restrict access to the I420VideoFrame::CreateFrame function to minimize the risk of exploitation. Avoid using the affected WebRTC functionality in Mozilla Firefox until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 45.0 **Description** The issue is related to a race condition in libvpx, which could allow remote attackers to cause a denial of service, specifically a use-after-free error, or possibly have other unspecified impacts. This is due to insufficient checking of resource state when the resource is shared. The exact vectors for exploitation are unknown. **Recommendations** For versions prior to 45.0, update to version 45.0 or later to resolve the issue. As a temporary workaround, consider restricting access to libvpx until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 45.0 **Description** The issue is related to a race condition in the GetStaticInstance function in the WebRTC implementation. This is due to insufficient checking of resource state when the resource can be shared. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service, specifically a use-after-free condition. **Recommendations** For versions prior to 45.0, update to version 45.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of WebRTC functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 45.0 Firefox ESR versions prior to 38.7 **Description** The issue is related to the nsScannerString::AppendUnicodeTo function, which does not verify that memory allocation succeeds. This allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. **Recommendations** For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR versions prior to 38.7, update to version 38.7 or later.

**Name of the Vulnerable Software and Affected Versions** NSPR versions prior to 4.12 **Description** The issue is caused by multiple integer overflows in the io/prprf.c file of Mozilla Netscape Portable Runtime (NSPR), allowing remote attackers to potentially cause a denial of service or have other unspecified impacts by providing a long string to a PR *printf function. **Recommendations** For versions prior to 4.12, update to version 4.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 44.0 **Description** The issue is related to the MoofParser::Metadata function in libstagefright, which does not limit the size of read operations. This might allow remote attackers to cause a denial of service due to an integer overflow and buffer overflow, or possibly have other unspecified impacts via crafted metadata. The vulnerability is associated with a buffer overflow in dynamic memory caused by an integer overflow. **Recommendations** For versions prior to 44.0, update to version 44.0 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted metadata to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 44.0 **Description** The issue is related to the nsZipArchive function in Mozilla Firefox, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive. **Recommendations** For versions prior to 44.0, update to version 44.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 44.0 **Description** The issue is related to a buffer overflow in the Buffer11::NativeBuffer11::map function in ANGLE, used in Mozilla Firefox. This could allow a remote attacker to cause a denial of service, resulting in memory corruption, or possibly have other unspecified impacts. **Recommendations** For versions prior to 44.0, update to version 44.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Buffer11::NativeBuffer11::map function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 43.0 **Description** The issue is related to a buffer overflow in the nsDeque::GrowCapacity function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. This could be achieved by exploiting the vulnerability in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp. **Recommendations** For versions prior to 43.0, update to version 43.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `nsDeque::GrowCapacity` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 43.0 Firefox ESR versions prior to 38.5 **Description** The issue is related to an integer overflow in the `MPEG4Extractor::readMetaData` function in `MPEG4Extractor.cpp` in `libstagefright`. This can be exploited by a remote attacker using a specially crafted MP4 video file, potentially allowing the execution of arbitrary code. **Recommendations** For Mozilla Firefox versions prior to 43.0, update to version 43.0 or later. For Firefox ESR versions prior to 38.5, update to version 38.5 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 43.0 Firefox ESR versions prior to 38.5 **Description** The issue is caused by an integer underflow in the `RTPReceiverVideo::ParseRtpPacket` function. This could allow a remote attacker to obtain sensitive information, cause a denial of service, or have other unspecified impacts by triggering a crafted WebRTC RTP packet. **Recommendations** For Mozilla Firefox versions prior to 43.0, update to version 43.0 or later. For Firefox ESR versions prior to 38.5, update to version 38.5 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 42.0 Mozilla Firefox ESR versions 38.x prior to 38.4 **Description** The issue is related to a buffer overflow in the rx::TextureStorage11 class, which can be exploited by a remote attacker. This exploitation can lead to a denial of service, specifically memory corruption, or potentially other unspecified impacts. The attack vector involves crafted texture data. **Recommendations** For Mozilla Firefox versions prior to 42.0, update to version 42.0 or later. For Mozilla Firefox ESR versions 38.x prior to 38.4, update to version 38.4 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 42.0 Firefox ESR versions prior to 38.4 **Description** The issue is related to the lack of status checking in the `AddWeightedPathSegLists` and `SVGPathSegListSMILType::Interpolate` functions, which can be exploited by remote attackers using a crafted SVG document. This can lead to a denial of service due to memory corruption or possibly have other unspecified impacts. **Recommendations** For Mozilla Firefox versions prior to 42.0, update to version 42.0 or later to resolve the issue. For Firefox ESR versions prior to 38.4, update to version 38.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 42.0 Mozilla Firefox ESR versions prior to 38.4 **Description** The CryptoKey interface implementation lacks status checking, allowing attackers to have an unspecified impact via vectors related to a cryptographic key. **Recommendations** For Mozilla Firefox versions prior to 42.0, update to version 42.0 or later. For Mozilla Firefox ESR versions prior to 38.4, update to version 38.4 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 41.0 Mozilla Firefox ESR versions prior to 38.3 **Description** The issue is related to the incorrect allocation of memory for shader attribute arrays by the VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE. This can be exploited by remote attackers to execute arbitrary code or cause a denial of service, resulting in a buffer overflow and application crash, via crafted OpenGL or WebGL content. **Recommendations** For Mozilla Firefox versions prior to 41.0, update to version 41.0 or later. For Mozilla Firefox ESR versions prior to 38.3, update to version 38.3 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 41.0 Firefox ESR versions prior to 38.3 **Description** The issue is caused by a buffer overflow in the ReadbackResultWriterD3D11::Run function. This can be exploited by a remote attacker to cause a denial of service due to the function's incorrect handling of return data, potentially leading to memory corruption and application crash. **Recommendations** For Firefox versions prior to 41.0, update to version 41.0 or later to resolve the issue. For Firefox ESR versions prior to 38.3, update to version 38.3 or later to resolve the issue.