Tsmith

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 110 **Description** The issue is related to memory safety bugs, which can lead to memory corruption. With sufficient effort, these bugs could potentially be exploited to run arbitrary code, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 110, update to version 110 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and minimizing the use of the browser until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 48.0 **Description** The issue is related to multiple unspecified vulnerabilities in the browser engine, which can cause a denial of service due to memory corruption and application crash, or possibly allow the execution of arbitrary code via unknown vectors. **Recommendations** For versions prior to 48.0, update to version 48.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Firefox ESR versions 38.x prior to 38.7 **Description** The issue is caused by a buffer overflow in the graphite2::TtfUtil::CmapSubtable12Lookup function, located in TtfUtil.cpp, which is part of the Graphite 2 rendering tool used in Mozilla Firefox and Firefox ESR. This can be exploited by a remote attacker using a specially crafted Graphite smart font, potentially leading to a denial of service or other unspecified impacts. **Recommendations** For Graphite 2 versions prior to 1.3.6, update to version 1.3.6 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR versions 38.x prior to 38.7, update to version 38.7 or later.

**Name of the Vulnerable Software and Affected Versions** Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Firefox ESR versions 38.x prior to 38.7 **Description** The issue is caused by a buffer overflow in the graphite2::Slot::getAttr function in Graphite 2, which can be exploited by a remote attacker using a specially crafted Graphite smart font. This can lead to a denial of service or potentially other impacts. **Recommendations** For Graphite 2 versions prior to 1.3.6, update to version 1.3.6 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR versions 38.x prior to 38.7, update to version 38.7 or later.

**Name of the Vulnerable Software and Affected Versions** Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Firefox ESR versions prior to 38.7 **Description** The issue is related to a heap-based buffer overflow in the `graphite2::Slot::setAttr` function. This can be exploited by remote attackers using a crafted Graphite smart font, potentially leading to a denial of service or other unspecified impacts. **Recommendations** For Graphite 2 versions prior to 1.3.6, update to version 1.3.6 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR versions prior to 38.7, update to version 38.7 or later.

**Name of the Vulnerable Software and Affected Versions** Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Firefox ESR 38.x versions prior to 38.7 **Description** The issue is related to a buffer over-read in the graphite2::GlyphCache::Loader::Loader function, which can be exploited by remote attackers using a crafted Graphite smart font. This can cause a denial of service or possibly have other unspecified impacts. **Recommendations** For Graphite 2 versions prior to 1.3.6, update to version 1.3.6 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR 38.x versions prior to 38.7, update to version 38.7 or later.

**Name of the Vulnerable Software and Affected Versions** Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Firefox ESR versions prior to 38.7 **Description** The issue is related to the graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2, which can be exploited by remote attackers using a crafted Graphite smart font. This can cause a denial of service due to a buffer over-read or possibly have other unspecified impacts. **Recommendations** For Graphite 2 versions prior to 1.3.6, update to version 1.3.6 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR versions prior to 38.7, update to version 38.7 or later.

**Name of the Vulnerable Software and Affected Versions** Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Firefox ESR versions prior to 38.7 **Description** The issue is related to a heap-based buffer overflow in the `graphite2::vm::Machine::Code::Code` function. This can be exploited by remote attackers using a crafted Graphite smart font, potentially leading to a denial of service or other unspecified impacts. **Recommendations** For Graphite 2 versions prior to 1.3.6, update to version 1.3.6 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR versions prior to 38.7, update to version 38.7 or later.

**Name of the Vulnerable Software and Affected Versions** Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Firefox ESR versions prior to 38.7 **Description** The issue is related to the graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2, which can be exploited by remote attackers using a crafted Graphite smart font. This can cause a denial of service due to a buffer over-read or possibly have other unspecified impacts. **Recommendations** For Graphite 2 versions prior to 1.3.6, update to version 1.3.6 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR versions prior to 38.7, update to version 38.7 or later.

**Name of the Vulnerable Software and Affected Versions** Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Firefox ESR versions prior to 38.7 **Description** The issue is related to a buffer over-read in the graphite2::Slot::getAttr function, which can be exploited by remote attackers using a crafted Graphite smart font. This can cause a denial of service or possibly have other unspecified impacts. **Recommendations** For Graphite 2 versions prior to 1.3.6, update to version 1.3.6 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR versions prior to 38.7, update to version 38.7 or later.

**Name of the Vulnerable Software and Affected Versions** Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Mozilla Firefox ESR 38.x versions prior to 38.7 **Description** The issue is caused by a buffer overflow in the graphite2::GlyphCache::glyph function of Graphite 2, which is used in Mozilla Firefox and Firefox ESR. This can be exploited by a remote attacker using a specially crafted Graphite smart font, potentially leading to a denial of service or other unspecified impacts. **Recommendations** For Graphite 2 versions prior to 1.3.6, update to version 1.3.6 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Mozilla Firefox ESR 38.x versions prior to 38.7, update to version 38.7 or later.

**Name of the Vulnerable Software and Affected Versions** Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Firefox ESR 38.x versions prior to 38.7 **Description** The graphite2::TtfUtil::GetTableInfo function in Graphite 2 does not initialize memory for an unspecified data structure, allowing remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. **Recommendations** For Graphite 2 versions prior to 1.3.6, update to version 1.3.6 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR 38.x versions prior to 38.7, update to version 38.7 or later.

**Name of the Vulnerable Software and Affected Versions** Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Firefox ESR versions prior to 38.7 **Description** The issue is related to the graphite2::FileFace::get table fn function in Graphite 2, which does not initialize memory for an unspecified data structure. This allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. **Recommendations** For Graphite 2 versions prior to 1.3.6, update to version 1.3.6 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR versions prior to 38.7, update to version 38.7 or later.

**Name of the Vulnerable Software and Affected Versions** Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Firefox ESR versions prior to 38.7 **Description** The issue is related to the graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2, which can be exploited by remote attackers using a crafted Graphite smart font. This can cause a denial of service due to a buffer over-read or possibly have other unspecified impacts. **Recommendations** For Graphite 2 versions prior to 1.3.6, update to version 1.3.6 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR versions prior to 38.7, update to version 38.7 or later.

**Name of the Vulnerable Software and Affected Versions** Graphite 2 versions prior to 1.3.6 Mozilla Firefox versions prior to 45.0 Mozilla Firefox ESR 38.x versions prior to 38.7 **Description** The issue is caused by a buffer overflow in the CachedCmap.cpp component of Graphite 2, a rendering tool used in Mozilla Firefox and Firefox ESR. This can be exploited by a remote attacker using a specially crafted Graphite smart font, potentially leading to a denial of service or other unspecified impacts. **Recommendations** For Graphite 2 versions prior to 1.3.6, update to version 1.3.6 or later to resolve the issue. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later to resolve the issue. For Mozilla Firefox ESR 38.x versions prior to 38.7, update to version 38.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Network Security Services (NSS) versions prior to 3.19.2.1 Mozilla Network Security Services (NSS) versions 3.20.x prior to 3.20.1 Firefox versions prior to 42.0 Firefox ESR 38.x versions prior to 38.4 **Description** The issue is related to the `sec asn1d parse leaf` function, which improperly restricts access to a data structure. This can be exploited by remote attackers using crafted OCTET STRING data, potentially leading to a denial of service or execution of arbitrary code. The problem is described as a "use-after-poison" issue and is also related to a buffer overflow. **Recommendations** For Mozilla Network Security Services (NSS) versions prior to 3.19.2.1, update to version 3.19.2.1 or later. For Mozilla Network Security Services (NSS) versions 3.20.x prior to 3.20.1, update to version 3.20.1 or later. For Firefox versions prior to 42.0, update to version 42.0 or later. For Firefox ESR 38.x versions prior to 38.4, update to version 38.4 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 38.0 **Description** A race condition exists in the nsThreadManager::RegisterCurrentThread function, allowing remote attackers to execute arbitrary code or cause a denial of service. This is due to improper Media Decoder Thread creation at the time of a shutdown, resulting in use-after-free and heap memory corruption. **Recommendations** For versions prior to 38.0, update to version 38.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 26.0 Firefox ESR 24.x versions prior to 24.2 Thunderbird versions prior to 24.2 SeaMonkey versions prior to 2.23 **Description** The issue allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. This is due to a problem in the nsGfxScrollFrameInner::IsLTR function. **Recommendations** For Mozilla Firefox versions prior to 26.0, update to version 26.0 or later. For Firefox ESR 24.x versions prior to 24.2, update to version 24.2 or later. For Thunderbird versions prior to 24.2, update to version 24.2 or later. For SeaMonkey versions prior to 2.23, update to version 2.23 or later.