Randell Jesup

**Name of the Vulnerable Software and Affected Versions** Thunderbird version 150 Firefox version 150 **Description** Memory safety bugs involving memory corruption may allow an attacker to execute arbitrary code. **Recommendations** Update Thunderbird to version 151. Update Firefox to version 151.

**Name of the Vulnerable Software and Affected Versions** Firefox versions 140.10 through 150 Thunderbird versions 140.10 through 150 **Description** Memory safety bugs involving memory corruption could allow an attacker to run arbitrary code. **Recommendations** Update Firefox to version 151 or ESR 140.11. Update Thunderbird to version 151 or 140.11.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Thunderbird versions prior to 148 **Description** The software contains memory safety bugs. Some of these bugs exhibited evidence of memory corruption, and it is presumed that, with sufficient effort, they could potentially be exploited to execute arbitrary code. **Recommendations** Update Firefox to version 148 or later. Update Thunderbird to version 148 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 147 Firefox ESR versions prior to 115.32 Firefox ESR versions prior to 140.7 **Description** A use-after-free issue exists in the IPC component. This can potentially lead to undesirable behavior. **Recommendations** Update Firefox to version 147 or later. Update Firefox ESR to version 115.32 or later. Update Firefox ESR to version 140.7 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 139 Firefox ESR versions prior to 115.24 Firefox ESR versions prior to 128.11 **Description** A double-free issue could occur in the `vpx codec enc init multi` function after a failed allocation when initializing the encoder for WebRTC, potentially causing memory corruption and a crash. **Recommendations** For Firefox versions prior to 139, update to version 139 or later. For Firefox ESR versions prior to 115.24, update to version 115.24 or later. For Firefox ESR versions prior to 128.11, update to version 128.11 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 128.11 Thunderbird versions prior to 128.11 **Description** A memory safety bug is present, showing evidence of memory corruption. It is presumed that with enough effort, this could be exploited to run arbitrary code. **Recommendations** For Firefox ESR versions prior to 128.11, update to version 128.11 or later. For Thunderbird versions prior to 128.11, update to version 128.11 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 136 Thunderbird versions prior to 136 **Description** The issue is related to memory safety bugs that could potentially lead to memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 136, update to version 136 or later to resolve the issue. For Thunderbird versions prior to 136, update to version 136 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 135 Firefox ESR versions prior to 115.20 Firefox ESR versions prior to 128.7 Thunderbird versions prior to 128.7 Thunderbird versions prior to 135 **Description** Memory safety bugs have been detected in Firefox and Thunderbird, showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could have been exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 135, update to version 135 or later. For Firefox ESR versions prior to 115.20, update to version 115.20 or later. For Firefox ESR versions prior to 128.7, update to version 128.7 or later. For Thunderbird versions prior to 128.7, update to version 128.7 or later. For Thunderbird versions prior to 135, update to version 135 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 128 Firefox ESR versions prior to 115.13 Thunderbird versions prior to 115.13 Thunderbird versions prior to 128 **Description** The issue is related to memory safety bugs present in Firefox, Firefox ESR, and Thunderbird. Some of these bugs showed evidence of memory corruption, and it is presumed that with sufficient effort, some of them could have been exploited to run arbitrary code. The vulnerability is also associated with a buffer overflow due to a lack of input size validation, which could allow a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 128, update to version 128 or later. For Firefox ESR versions prior to 115.13, update to version 115.13 or later. For Thunderbird versions prior to 115.13, update to version 115.13 or later. For Thunderbird versions prior to 128, update to version 128 or later. As a temporary workaround, consider restricting the use of affected components until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 127 **Description** The issue is related to memory safety bugs, including buffer overflow, which can lead to memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 127, update to version 127 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and minimizing the use of Firefox until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 123 Firefox ESR versions prior to 115.8 Thunderbird versions prior to 115.8 **Description** The issue is related to memory safety bugs that can lead to memory corruption, potentially allowing a remote attacker to execute arbitrary code. Some of these bugs have shown evidence of memory corruption, and it is presumed that with enough effort, they could be exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 123, update to version 123 or later to resolve the issue. For Firefox ESR versions prior to 115.8, update to version 115.8 or later to resolve the issue. For Thunderbird versions prior to 115.8, update to version 115.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 123 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code with enough effort. The vulnerability is also described as a buffer overflow issue that could allow a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 123, update to version 123 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive features or modules in Firefox until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 121 Firefox ESR versions prior to 115.6 Thunderbird versions prior to 115.6 **Description** The issue is related to memory safety bugs, which can lead to memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code. The vulnerability is also described as a buffer overflow in memory, which can allow a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 121, update to version 121 or later. For Firefox ESR versions prior to 115.6, update to version 115.6 or later. For Thunderbird versions prior to 115.6, update to version 115.6 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 115.6 Thunderbird versions prior to 115.6 **Description** A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. The vulnerability may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Firefox ESR versions prior to 115.6, update to version 115.6 or later. For Thunderbird versions prior to 115.6, update to version 115.6 or later. As a temporary workaround, consider disabling the `nsDNSService::Init` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 119 Firefox ESR versions prior to 115.4 Thunderbird versions prior to 115.4.1 **Description** The issue is related to memory safety bugs that can lead to memory corruption. It is presumed that with sufficient effort, these bugs could be exploited to run arbitrary code. The vulnerability is associated with a buffer overflow in memory, which can allow a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 119, update to version 119 or later. For Firefox ESR versions prior to 115.4, update to version 115.4 or later. For Thunderbird versions prior to 115.4.1, update to version 115.4.1 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 117 Firefox ESR versions prior to 102.15 and prior to 115.2 Thunderbird versions prior to 102.15 and prior to 115.2 **Description** The issue is related to memory safety bugs that can lead to memory corruption, potentially allowing a remote attacker to execute arbitrary code. Some of these bugs have shown evidence of memory corruption, and it is presumed that with enough effort, they could be exploited. **Recommendations** For Firefox versions prior to 117, update to version 117 or later. For Firefox ESR versions prior to 102.15, update to version 102.15 or later. For Firefox ESR versions prior to 115.2, update to version 115.2 or later. For Thunderbird versions prior to 102.15, update to version 102.15 or later. For Thunderbird versions prior to 115.2, update to version 115.2 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 114 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. Exploitation of this issue may allow a remote attacker to execute arbitrary code using a specially crafted malicious web page. **Recommendations** For versions prior to 114, update to version 114 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious web pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 113 **Description** The issue is related to memory safety bugs present in Firefox, which showed evidence of memory corruption. It is presumed that with enough effort, some of these bugs could have been exploited to run arbitrary code. The vulnerability can be exploited by a remote attacker using a specially crafted website, potentially allowing them to execute arbitrary code. **Recommendations** For Firefox versions prior to 113, update to version 113 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable components until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 108 Firefox ESR versions prior to 102.6 Thunderbird versions prior to 102.6 **Description** The issue is related to memory safety bugs and buffer overflow, which could potentially allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. Some of these bugs showed evidence of memory corruption and it is presumed that with enough effort, some of these could have been exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 108, update to version 108 or later. For Firefox ESR versions prior to 102.6, update to version 102.6 or later. For Thunderbird versions prior to 102.6, update to version 102.6 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 101 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. The vulnerability can be triggered by processing specially crafted HTML content, allowing a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 101, update to version 101 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted web pages to minimize the risk of exploitation. Avoid using Firefox to access potentially malicious websites until the issue is resolved.