R

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 64 Firefox ESR versions prior to 60.4 Thunderbird versions prior to 60.4 **Description** The issue is related to an integer overflow that can lead to an out-of-bounds write in memory. This can be exploited by a remote attacker to potentially write data outside the boundaries of a buffer. The vulnerability is associated with buffer size calculations for images when an unchecked raw value is used instead of a validated value. **Recommendations** For Firefox versions prior to 64, update to version 64 or later to resolve the issue. For Firefox ESR versions prior to 60.4, update to version 60.4 or later to resolve the issue. For Thunderbird versions prior to 60.4, update to version 60.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 61 Firefox ESR versions prior to 60.1 Thunderbird versions prior to 60 **Description** The issue is caused by an integer overflow in the SwizzleData function, which can lead to a potentially exploitable crash when used for graphics computations with unsanitized inputs. This may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Firefox versions prior to 61, update to version 61 or later. For Firefox ESR versions prior to 60.1, update to version 60.1 or later. For Thunderbird versions prior to 60, update to version 60 or later.