PT-2025-21809 · Mozilla +7 · Firefox ESR +7
Manfred Paul · Published 2025-05-17 · Updated 2025-07-17
CVE-2025-4919 · 10 · High
Base vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
**Name of the Vulnerable Software and Affected Versions:**
Mozilla Firefox versions prior to 128.10.1esr-1~deb11u1
Mozilla Firefox versions prior to 128.10.1esr-1~deb12u1
Mozilla Thunderbird versions prior to 1:128.11.0esr-1~deb11u1
Mozilla Thunderbird versions prior to 1:128.11.0esr-1~deb12u1
Mozilla Firefox ESR versions less than 115.23.1
**Description:**
A vulnerability exists in the JavaScript engine of Mozilla Firefox and Thunderbird that allows for out-of-bounds read or write operations on JavaScript objects. This occurs due to confusion regarding array index sizes. Successful exploitation could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. The vulnerability is actively exploited. The issue stems from a failure in the JIT compiler, specifically within the IonMonkey engine, to properly optimize array operations, leading to incorrect boundary checks. An attacker can manipulate the JIT compiler to bypass these checks, potentially gaining access to adjacent memory structures, such as other arrays, objects, or ArrayBuffer/TypedArray structures. This can result in information leakage or the ability to modify object fields and pointers.
**Recommendations:**
Mozilla Firefox versions prior to 128.10.1esr-1~deb11u1: Upgrade to version 128.10.1esr-1~deb11u1 or later.
Mozilla Firefox versions prior to 128.10.1esr-1~deb12u1: Upgrade to version 128.10.1esr-1~deb12u1 or later.
Mozilla Thunderbird versions prior to 1:128.11.0esr-1~deb11u1: Upgrade to version 1:128.11.0esr-1~deb11u1 or later.
Mozilla Thunderbird versions prior to 1:128.11.0esr-1~deb12u1: Upgrade to version 1:128.11.0esr-1~deb12u1 or later.
Mozilla Firefox ESR versions less than 115.23.1: Upgrade to version 115.23.1 or later.
Fix · RCE · Memory Corruption · Out of bounds Read