Sajeeb Lohani

**Name of the Vulnerable Software and Affected Versions** KissFFT versions prior to commit 8a8e66e **Description** An integer overflow occurs in the `kiss fftndr alloc()` function within kiss fftndr.c. The allocation size calculation `dimOther*(dimReal+2)*sizeof(kiss fft scalar)` overflows signed 32-bit integer arithmetic before being widened to `size t`, leading to the allocation of an undersized buffer via `malloc()`. An attacker can trigger a heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed `INT MAX`, enabling writes beyond the allocated buffer region when `kiss fftndr()` processes the data. **Recommendations** Update to commit 8a8e66e or a newer version. As a temporary workaround, consider restricting the input dimensions used in the `kiss fftndr alloc()` function to prevent the calculation from exceeding the maximum value of a signed 32-bit integer.

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149.0.2 Firefox ESR versions prior to 140.9.1 Thunderbird versions prior to 149.0.2 Thunderbird versions prior to 140.9.1 Description The software contains incorrect boundary conditions and an integer overflow within the Graphics: Text component. Recommendations Update Firefox to version 149.0.2 or later. Update Firefox ESR to version 140.9.1 or later. Update Thunderbird to version 149.0.2 or later. Update Thunderbird to version 140.9.1 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Thunderbird versions prior to 148 **Description** A use-after-free condition exists in the DOM Core and HTML components. This issue could allow for unexpected behavior or potential compromise. **Recommendations** Update Firefox to version 148 or later. Update Thunderbird to version 148 or later.

**Name of the Vulnerable Software and Affected Versions** alsa-lib versions 1.2.2 through 1.2.15.2 **Description** alsa-lib contains a heap-based buffer overflow in the topology mixer control decoder. The `tplg decode control mixer1()` function reads the `num channels` field from untrusted .tplg data and uses it as a loop bound without validating it against the fixed-size channel array `SND TPLG MAX CHAN`. A crafted topology file with an excessive `num channels` value can cause out-of-bounds heap writes, leading to a crash. **Recommendations** Update to a version of alsa-lib after commit 5f7fe33.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 115.34 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** The Audio/Video: GMP component contains incorrect boundary conditions. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 115.34 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** An issue exists due to incorrect boundary conditions within the Audio/Video component. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** The vulnerability stems from incorrect boundary conditions within the Graphics component. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** An issue exists due to incorrect boundary conditions within the Audio/Video component. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** The issue involves incorrect boundary conditions within the Graphics: Text component. This could potentially lead to unexpected behavior or instability. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird ESR versions prior to 140.9 **Description** The software contains memory safety bugs, some of which demonstrate evidence of memory corruption. It is presumed that, with sufficient effort, these bugs could potentially be exploited to execute arbitrary code. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird ESR to version 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 **Description** A use-after-free issue exists in the JavaScript: WebAssembly component. This can potentially lead to unexpected behavior or allow for malicious actions. **Recommendations** Update Firefox to version 148 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 **Description** A sandbox escape issue exists in the Storage: IndexedDB component. This allows a potential escape from the browser's security sandbox. **Recommendations** Update Firefox to version 148 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Firefox ESR versions prior to 115.33 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 **Description** A use-after-free issue exists in the Storage: IndexedDB component. This can potentially lead to unexpected behavior or crashes. **Recommendations** Update Firefox to version 148 or later. Update Firefox ESR to version 115.33 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Firefox ESR versions prior to 115.33 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 **Description** A flaw exists due to incorrect boundary conditions within the Telemetry component of the software. This issue could allow for a sandbox escape. **Recommendations** Update Firefox to version 148 or later. Update Firefox ESR to version 115.33 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Firefox ESR versions prior to 115.33 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 **Description** A flaw exists that allows for a sandbox escape due to incorrect boundary conditions within the DOM Core & HTML component. This issue could potentially allow an attacker to bypass security restrictions. **Recommendations** Update Firefox to version 148 or later. Update Firefox ESR to version 115.33 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 **Description** The JavaScript Engine component contains an invalid pointer issue. **Recommendations** Update Firefox to version 148 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 115.34 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** The Graphics: Canvas2D component contains incorrect boundary conditions. This issue may allow for unexpected behavior or potential security implications. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 115.34 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 115.34 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** The Graphics: Canvas2D component contains incorrect boundary conditions. This issue may allow for unexpected behavior or potential security implications due to improper handling of boundaries within the Canvas2D functionality. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 115.34 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 115.34 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** A sandbox escape exists because of incorrect boundary conditions within the Telemetry component. This issue could allow an attacker to bypass the intended security restrictions of the sandbox environment. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 115.34 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** A flaw exists in Firefox and Thunderbird due to a use-after-free condition within the Disability Access APIs component, potentially allowing for a sandbox escape. This issue could allow an attacker to bypass security restrictions and gain unauthorized access. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.