Sebastian Hengst

**Name of the Vulnerable Software and Affected Versions** Firefox ESR version 140.9 Thunderbird ESR version 140.9 Firefox version 149 Thunderbird version 149 **Description** Memory safety bugs involving memory corruption could allow an attacker to run arbitrary code. **Recommendations** Update Firefox ESR to version 140.10. Update Thunderbird ESR to version 140.10. Update Firefox to version 150. Update Thunderbird to version 150.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 142 Thunderbird versions prior to 142 Description: Memory safety bugs are present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption, and it is presumed that with sufficient effort, some of them could have been exploited to run arbitrary code. Recommendations: Update Firefox to version 142 or later. Update Thunderbird to version 142 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 136 Thunderbird versions prior to 136 **Description** The issue is related to memory safety bugs that could potentially lead to memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 136, update to version 136 or later to resolve the issue. For Thunderbird versions prior to 136, update to version 136 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 135 Firefox ESR versions prior to 128.7 Thunderbird versions prior to 128.7 Thunderbird versions prior to 135 **Description** Memory safety bugs have been detected in Firefox and Thunderbird, showing evidence of memory corruption. It is presumed that with sufficient effort, some of these bugs could have been exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 135, update to version 135 or later. For Firefox ESR versions prior to 128.7, update to version 128.7 or later. For Thunderbird versions prior to 128.7, update to version 128.7 or later. For Thunderbird versions prior to 135, update to version 135 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 131 Firefox ESR versions prior to 128.3 Firefox ESR versions prior to 115.16 Thunderbird versions prior to 128.3 Thunderbird versions prior to 131 **Description** The issue is related to memory safety bugs that can lead to memory corruption, potentially allowing a remote attacker to bypass security restrictions and execute arbitrary code. Some of these bugs have shown evidence of memory corruption, and it is presumed that with sufficient effort, they could be exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 131, update to version 131 or later. For Firefox ESR versions prior to 128.3, update to version 128.3 or later. For Firefox ESR versions prior to 115.16, update to version 115.16 or later. For Thunderbird versions prior to 128.3, update to version 128.3 or later. For Thunderbird versions prior to 131, update to version 131 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions 130 and earlier Firefox ESR versions 128.2 and earlier Thunderbird versions 128.2 and earlier **Description** The issue is related to memory safety bugs that could potentially be exploited to run arbitrary code, with evidence of memory corruption found in some cases. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is associated with a buffer overflow when cloning objects, which can be exploited by a remote attacker. **Recommendations** For Firefox version 130 and earlier, update to version 131 or later. For Firefox ESR version 128.2 and earlier, update to version 128.3 or later. For Thunderbird version 128.2 and earlier, update to version 128.3 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 117 Firefox ESR versions prior to 115.2 Thunderbird versions prior to 115.2 **Description** The issue is related to memory safety bugs, which have shown evidence of memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code. The vulnerability is also described as a buffer overflow in memory, which could allow a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 117, update to version 117 or later. For Firefox ESR versions prior to 115.2, update to version 115.2 or later. For Thunderbird versions prior to 115.2, update to version 115.2 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 114 Firefox ESR versions prior to 102.12 Thunderbird versions prior to 102.12 **Description** The issue is related to memory safety bugs that could potentially be exploited to run arbitrary code, with evidence of memory corruption found in some cases. This could allow a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 114, update to version 114 or later. For Firefox ESR versions prior to 102.12, update to version 102.12 or later. For Thunderbird versions prior to 102.12, update to version 102.12 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 113 Firefox ESR versions prior to 102.11 Thunderbird versions prior to 102.11 **Description** The issue is caused by memory safety bugs, including buffer overflow, which can lead to memory corruption. It is presumed that with enough effort, some of these bugs could be exploited to run arbitrary code. An attacker could exploit this issue by tricking a user into opening a specially crafted website, potentially leading to the execution of arbitrary code in the target system. **Recommendations** For Firefox versions prior to 113, update to version 113 or later. For Firefox ESR versions prior to 102.11, update to version 102.11 or later. For Thunderbird versions prior to 102.11, update to version 102.11 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 112 Focus for Android versions prior to 112 Firefox ESR versions prior to 102.10 Firefox for Android versions prior to 112 Thunderbird versions prior to 102.10 **Description** The issue is related to memory safety bugs and buffer overflow errors when processing HTML content, which can lead to memory corruption. With sufficient effort, these bugs could potentially be exploited to run arbitrary code. An attacker could create a specially crafted website, trick a victim into opening it, and cause memory damage, potentially executing arbitrary code on the target system. **Recommendations** For Firefox versions prior to 112, update to version 112 or later. For Focus for Android versions prior to 112, update to version 112 or later. For Firefox ESR versions prior to 102.10, update to version 102.10 or later. For Firefox for Android versions prior to 112, update to version 112 or later. For Thunderbird versions prior to 102.10, update to version 102.10 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 105 Firefox ESR versions prior to 102.3 Thunderbird versions prior to 102.3 **Description** The issue is related to memory safety bugs, which could potentially be exploited to run arbitrary code. These bugs showed evidence of memory corruption. The vulnerability can be exploited by a remote attacker using a specially crafted website, potentially leading to memory damage and arbitrary code execution in the target system. **Recommendations** For Firefox versions prior to 105, update to version 105 or later. For Firefox ESR versions prior to 102.3, update to version 102.3 or later. For Thunderbird versions prior to 102.3, update to version 102.3 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 99 **Description** The issue is related to a buffer overflow in memory, which could allow a remote attacker to execute arbitrary code using a specially crafted web page. Memory safety bugs were reported, showing evidence of memory corruption, and it is presumed that some of these could be exploited to run arbitrary code. **Recommendations** For versions prior to 99, update to version 99 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 97 **Description** The issue is related to errors in processing HTML content. It may allow a remote attacker to execute arbitrary code using a specially crafted web page. Memory safety bugs have been reported, showing evidence of memory corruption, which could potentially be exploited to run arbitrary code. **Recommendations** For versions prior to 97, update to version 97 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML content until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 91 **Description** The issue is related to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. It is associated with memory safety bugs that showed evidence of memory corruption, which could potentially be exploited. **Recommendations** For versions prior to 91, update to version 91 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 89 **Description** The issue is related to the lack of proper validation of incoming requests, which could allow a remote attacker to access and compromise confidential data. Additionally, there's a concern with how Firefox handles filename caching for printing, potentially leading to the storage of website titles visited during private browsing mode on disk. **Recommendations** For versions prior to 89, update to version 89 or later to resolve the issue. As a temporary workaround, consider restricting the use of the printing feature until a patch is applied. Avoid using the private browsing mode for sensitive activities until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 86 Description: Mozilla developers reported memory safety bugs present in Firefox 85, showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could have been exploited to run arbitrary code. Recommendations: For versions prior to 86, update to version 86 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 85 **Description** The issue is related to memory safety bugs present in Firefox, which showed evidence of memory corruption. It is presumed that with enough effort, some of these bugs could have been exploited to run arbitrary code. The vulnerability is also described as a buffer overflow in memory, which could allow a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 85, update to version 85 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive features or modules in Firefox until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 82 **Description** The issue is related to memory safety bugs that were reported by Mozilla developers in Firefox 81, some of which showed evidence of memory corruption. It is presumed that with sufficient effort, some of these bugs could have been exploited to run arbitrary code. **Recommendations** For versions prior to 82, update to version 82 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 62 **Description** The issue is related to memory safety bugs in Firefox, which can lead to memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code. The vulnerability is caused by a buffer overflow in memory, allowing a remote attacker to potentially execute arbitrary code. **Recommendations** For versions prior to 62, update to version 62 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 61 Firefox ESR versions prior to 60.1 Thunderbird versions prior to 60 **Description** The issue is related to memory safety bugs that can lead to memory corruption. It is presumed that with sufficient effort, these bugs could be exploited to run arbitrary code. The vulnerability can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 61, update to version 61 or later. For Firefox ESR versions prior to 60.1, update to version 60.1 or later. For Thunderbird versions prior to 60, update to version 60 or later.