R3M0T3Nu11

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 128.7 **Description** The Thunderbird Address Book URI fields contained unsanitized links, which could be used by an attacker to create and export an address book containing a malicious payload in a field, such as the "Other" field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute unprivileged JavaScript. **Recommendations** For Thunderbird versions prior to 128.7, update to version 128.7 or later to resolve the issue. As a temporary workaround, consider avoiding the import of address books from untrusted sources to minimize the risk of exploitation. Restrict access to the Address Book URI fields to prevent the creation and export of malicious address books.

**Name of the Vulnerable Software and Affected Versions** Remote Desktop Manager versions 2023.3.9.3 and earlier **Description** The issue allows an attacker to execute code via the `DYLIB INSERT LIBRARIES` environment variable. This is a code injection problem in Remote Desktop Manager on macOS. **Recommendations** For Remote Desktop Manager versions 2023.3.9.3 and earlier, consider restricting the use of the `DYLIB INSERT LIBRARIES` environment variable to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.