Zx

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 124.0.6367.78 Description: The issue is related to a type confusion in the ANGLE graphics layer engine, which could allow a remote attacker to exploit heap corruption via a crafted HTML page. This could potentially enable the attacker to bypass sandbox protection mechanisms and execute arbitrary code. The severity of this issue is considered critical. Recommendations: For Google Chrome versions prior to 124.0.6367.78, update to version 124.0.6367.78 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or disabling the use of the ANGLE graphics layer engine until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 115 Firefox ESR versions prior to 102.13 Thunderbird versions prior to 102.13 **Description** The issue is related to cross-compartment wrappers wrapping a scripted proxy, which could cause objects from other compartments to be stored in the main compartment, resulting in a use-after-free. This could allow a remote attacker to execute arbitrary code or cause a denial of service. **Recommendations** For Firefox versions prior to 115, update to version 115 or later. For Firefox ESR versions prior to 102.13, update to version 102.13 or later. For Thunderbird versions prior to 102.13, update to version 102.13 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 112 Focus for Android versions prior to 112 Firefox ESR versions prior to 102.10 Firefox for Android versions prior to 112 Thunderbird versions prior to 102.10 **Description** An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. The issue is related to the incorrect freeing of a pointer, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. The vulnerability can be triggered by visiting a specially crafted web page, leading to memory corruption and potentially allowing the execution of arbitrary code. **Recommendations** For Firefox versions prior to 112, update to version 112 or later. For Focus for Android versions prior to 112, update to version 112 or later. For Firefox ESR versions prior to 102.10, update to version 102.10 or later. For Firefox for Android versions prior to 112, update to version 112 or later. For Thunderbird versions prior to 102.10, update to version 102.10 or later.