Zijie Zhao

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 152 Firefox ESR versions prior to 140.12 Firefox ESR versions prior to 115.37 Thunderbird versions prior to 152 Thunderbird versions prior to 140.12 **Description** A use-after-free issue exists in the Networking: HTTP component. Use-after-free occurs when an application continues to use a pointer after it has been freed, which can lead to crashes or arbitrary code execution. **Recommendations** Update Firefox to version 152. Update Firefox ESR to version 140.12. Update Firefox ESR to version 115.37. Update Thunderbird to version 152. Update Thunderbird to version 140.12.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 152 Firefox ESR versions prior to 140.12 Thunderbird versions prior to 152 Thunderbird versions prior to 140.12 **Description** Incorrect boundary conditions exist within the Web Audio component. **Recommendations** Update Firefox to version 152. Update Firefox ESR to version 140.12. Update Thunderbird to version 152. Update Thunderbird to version 140.12.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 152 Firefox ESR versions prior to 140.12 Thunderbird versions prior to 152 Thunderbird versions prior to 140.12 **Description** A memory safety bug exists in the software, which could lead to unexpected behavior or crashes when memory is handled incorrectly. **Recommendations** Update to version 152 Update to version 140.12 Update to version 152 Update to version 140.12

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Thunderbird versions prior to 148 **Description** An issue exists due to uninitialized memory within the Graphics: Text component. **Recommendations** Update Firefox to version 148 or later. Update Thunderbird to version 148 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 83 Firefox ESR versions prior to 78.5 Thunderbird versions prior to 78.5 **Description** The issue arises when the Compact() method is called on an nsTArray, potentially leading to the array being reallocated without updating other pointers. This can result in a use-after-free situation and an exploitable crash. **Recommendations** For Firefox versions prior to 83, update to version 83 or later to resolve the issue. For Firefox ESR versions prior to 78.5, update to version 78.5 or later to resolve the issue. For Thunderbird versions prior to 78.5, update to version 78.5 or later to resolve the issue.