Root Object

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 52.7 Thunderbird versions prior to 52.7 **Description** An integer overflow can occur during the conversion of text to some Unicode character sets due to an unchecked length parameter. **Recommendations** For Firefox ESR versions prior to 52.7, update to version 52.7 or later. For Thunderbird versions prior to 52.7, update to version 52.7 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 52.8 Firefox versions prior to 52.8 Thunderbird ESR versions prior to 52.8 Thunderbird versions prior to 52.8 **Description** The issue is related to a buffer overflow that occurs during the conversion of a UTF-8 string to Unicode, potentially allowing a remote attacker to execute arbitrary code. This can happen when extremely large amounts of data are processed within JavaScript, and it requires the use of a malicious or vulnerable legacy extension. **Recommendations** For Firefox ESR versions prior to 52.8, update to version 52.8 or later. For Firefox versions prior to 52.8, update to version 52.8 or later. For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later. For Thunderbird versions prior to 52.8, update to version 52.8 or later. As a temporary workaround, consider disabling the use of legacy extensions until a patch is available.