Yury Delendik

**Name of the Vulnerable Software and Affected Versions** Firefox versions 130 and earlier Firefox ESR versions 128.2 and earlier Thunderbird versions 128.2 and earlier **Description** The issue is related to memory safety bugs that could potentially be exploited to run arbitrary code, with evidence of memory corruption found in some cases. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is associated with a buffer overflow when cloning objects, which can be exploited by a remote attacker. **Recommendations** For Firefox version 130 and earlier, update to version 131 or later. For Firefox ESR version 128.2 and earlier, update to version 128.3 or later. For Thunderbird version 128.2 and earlier, update to version 128.3 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 130 Firefox ESR versions prior to 128.2 Thunderbird versions prior to 128.2 **Description** The issue is related to memory safety bugs that could potentially be exploited to run arbitrary code. These bugs have shown evidence of memory corruption. The vulnerability can be exploited by a remote attacker using a specially crafted web page, allowing them to execute arbitrary code. **Recommendations** For Firefox versions prior to 130, update to version 130 or later. For Firefox ESR versions prior to 128.2, update to version 128.2 or later. For Thunderbird versions prior to 128.2, update to version 128.2 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 121 **Description** The issue is related to memory safety bugs, which can lead to memory corruption. With sufficient effort, these bugs could potentially be exploited to run arbitrary code. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For versions prior to 121, update to version 121 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive features or data within the browser until the update is applied.