Ronald Crane

Name of the Vulnerable Software and Affected Versions: libssh (affected versions not specified) Description: A flaw in the libssh library can trigger an out-of-bounds read in the `sftp handle` function due to an incorrect comparison check. This allows the function to access memory beyond the valid handle list and return an invalid pointer, which is used in further processing. An authenticated remote attacker can potentially read unintended memory regions, exposing sensitive information or affecting service behavior. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libssh (affected versions not specified) Description: The issue is related to an integer overflow in the `sftp decode channel data to packet()` function of the libssh library. This could allow a remote attacker to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Debian Linux (affected versions not specified) Description: The issue concerns package vulnerabilities in libssh within Debian Linux. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 133 Thunderbird versions prior to 133 Firefox ESR versions prior to 128.7 Thunderbird versions prior to 128.7 Description: A double-free issue could occur in the `sec pkcs7 decoder start decrypt()` function when handling an error path, potentially leading to memory corruption. This issue affects the confidentiality, integrity, and availability of protected information. Recommendations: For Firefox versions prior to 133, update to version 133 or later. For Thunderbird versions prior to 133, update to version 133 or later. For Firefox ESR versions prior to 128.7, update to version 128.7 or later. For Thunderbird versions prior to 128.7, update to version 128.7 or later. As a temporary workaround, consider disabling the `sec pkcs7 decoder start decrypt()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 128 Firefox ESR versions prior to 115.13 Thunderbird versions prior to 115.13 Thunderbird versions prior to 128 **Description** A mismatch between allocator and deallocator could have led to memory corruption. This issue is related to improper restriction of operations within the bounds of a memory buffer, which could allow a remote attacker to impact system performance. **Recommendations** For Firefox versions prior to 128, update to version 128 or later. For Firefox ESR versions prior to 115.13, update to version 115.13 or later. For Thunderbird versions prior to 115.13, update to version 115.13 or later. For Thunderbird versions prior to 128, update to version 128 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 126 **Description** The issue is related to the `ShmemCharMapHashEntry()` code, which was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. **Recommendations** For versions prior to 126, update to version 126 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 125 Firefox ESR versions prior to 115.10 Thunderbird versions prior to 115.10 Description: The issue is related to an integer overflow that leads to an out-of-bounds read, potentially triggered by a malformed OpenType font. This could allow a remote attacker to gain unauthorized access to protected information when processing OpenType fonts. Recommendations: For Firefox versions prior to 125, update to version 125 or later. For Firefox ESR versions prior to 115.10, update to version 115.10 or later. For Thunderbird versions prior to 115.10, update to version 115.10 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 124.0.6367.60 **Description** The issue is related to an out of bounds read in the Fonts component of Google Chrome, which can be exploited by a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This can allow the attacker to access potentially confidential information. **Recommendations** For Google Chrome versions prior to 124.0.6367.60, update to version 124.0.6367.60 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially sensitive information and avoiding the use of crafted HTML pages that could exploit this issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 125 **Description** The issue is related to the MarkStack assignment operator, part of the JavaScript engine, which could access uninitialized memory if used in a self-assignment. This could allow a remote attacker to cause a denial of service. **Recommendations** For versions prior to 125, update to a version that contains a fix for this issue to prevent potential exploitation. As a temporary workaround, consider restricting the use of the MarkStack assignment operator in self-assignments until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 125 Firefox ESR versions prior to 115.10 Thunderbird versions prior to 115.10 **Description** The issue is related to the use of memory after it has been freed due to incorrect data movement in the AlignedBuffer structure. This could result in an incorrect reference count and later use-after-free. The vulnerability may allow a remote attacker to cause a denial of service. **Recommendations** For Firefox versions prior to 125, update to version 125 or later to resolve the issue. For Firefox ESR versions prior to 115.10, update to version 115.10 or later to resolve the issue. For Thunderbird versions prior to 115.10, update to version 115.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 124 Firefox ESR versions prior to 115.9 Thunderbird versions prior to 115.9 **Description** The issue is related to integer overflows in the `AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()`, and `AppendEncodedCharacters()` functions. This can cause underallocation of an output buffer, leading to an out of bounds write. A remote attacker could exploit this issue by using a specially crafted web page to execute arbitrary code. **Recommendations** For Mozilla Firefox versions prior to 124, update to version 124 or later to resolve the issue. For Firefox ESR versions prior to 115.9, update to version 115.9 or later to resolve the issue. For Thunderbird versions prior to 115.9, update to version 115.9 or later to resolve the issue. As a temporary workaround, consider restricting access to web pages that could potentially exploit the `AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()`, and `AppendEncodedCharacters()` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 124 Firefox ESR versions prior to 115.9 Thunderbird versions prior to 115.9 **Description** The issue is related to the use of memory after it has been freed, which could be exploited by a remote attacker to execute arbitrary code using a specially crafted web page. If an attacker could trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. **Recommendations** For Firefox versions prior to 124, update to version 124 or later. For Firefox ESR versions prior to 115.9, update to version 115.9 or later. For Thunderbird versions prior to 115.9, update to version 115.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 123 **Description** The issue is related to the built-in profiler, where an incorrect object was checked for NULL, potentially leading to invalid memory access and undefined behavior. This problem only affects the application when the profiler is running. The vulnerability may allow a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 123, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the built-in profiler until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 115.6 Thunderbird versions prior to 115.6 Firefox versions prior to 121 **Description** The `ShutdownObserver()` function was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Firefox ESR versions prior to 115.6, update to version 115.6 or later. For Thunderbird versions prior to 115.6, update to version 115.6 or later. For Firefox versions prior to 121, update to version 121 or later. As a temporary workaround, consider disabling the `ShutdownObserver()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 118 Firefox ESR versions prior to 115.3 Thunderbird versions prior to 115.3 **Description** The issue is related to the use of memory after it has been freed, which can lead to a potentially exploitable crash. This occurs when Windows fails to duplicate a handle during process creation, and the sandbox code inadvertently frees a pointer twice. The bug only affects Firefox on Windows when run in non-standard configurations, such as using `runas`. Other operating systems are unaffected. **Recommendations** For Firefox versions prior to 118, update to version 118 or later. For Firefox ESR versions prior to 115.3, update to version 115.3 or later. For Thunderbird versions prior to 115.3, update to version 115.3 or later. As a temporary workaround, consider avoiding the use of non-standard configurations, such as running Firefox with `runas`, until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.46 Oracle VM VirtualBox versions prior to 7.0.10 **Description** The issue is related to a vulnerability in the Oracle VM VirtualBox product, specifically in the Core component. This vulnerability can be easily exploited by a low-privileged attacker with logon access to the infrastructure where Oracle VM VirtualBox executes, allowing them to compromise Oracle VM VirtualBox. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. The vulnerability applies to Windows VMs only. **Recommendations** For Oracle VM VirtualBox versions prior to 6.1.46, update to version 6.1.46 or later. For Oracle VM VirtualBox versions prior to 7.0.10, update to version 7.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 113 **Description** The issue is related to memory safety bugs present in Firefox, which showed evidence of memory corruption. It is presumed that with enough effort, some of these bugs could have been exploited to run arbitrary code. The vulnerability can be exploited by a remote attacker using a specially crafted website, potentially allowing them to execute arbitrary code. **Recommendations** For Firefox versions prior to 113, update to version 113 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable components until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 113 Firefox ESR versions prior to 102.11 Thunderbird versions prior to 102.11 **Description** The issue is related to a buffer overflow in the FileReader::DoReadData() function, which can be exploited by a remote attacker to execute arbitrary code in the target system. This occurs when an uninitialized value is used as a read limit while reading a file. The vulnerability may allow an attacker to cause memory corruption and execute arbitrary code. **Recommendations** For Firefox versions prior to 113, update to version 113 or later to resolve the issue. For Firefox ESR versions prior to 102.11, update to version 102.11 or later to resolve the issue. For Thunderbird versions prior to 102.11, update to version 102.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 118 **Description** The issue is related to an integer overflow in the Alternate Services component of the Firefox web browser. This could lead to an out-of-bounds write to privileged process memory, potentially allowing a remote attacker to compromise data integrity. The vulnerability is specifically related to non-standard configurations where a preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) is enabled. **Recommendations** For Firefox versions prior to 118, update to version 118 or later to resolve the issue. As a temporary workaround, consider disabling the non-standard preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 111 Firefox ESR versions prior to 102.9 Thunderbird versions prior to 102.9 **Description** The issue is related to accessing throttled streams, where the count of available bytes needed to be checked in the calling function to be within bounds. This may have led to future code being incorrect and vulnerable. The vulnerability is associated with a buffer overflow in memory when checking the number of available bytes in throttled streams, which could allow a remote attacker to disclose protected information. **Recommendations** For Firefox versions prior to 111, update to version 111 or later to resolve the issue. For Firefox ESR versions prior to 102.9, update to version 102.9 or later to resolve the issue. For Thunderbird versions prior to 102.9, update to version 102.9 or later to resolve the issue.