
ROS-20230919-04

2023-09-19 00:00:00
redos.red-soft.ru
mozilla
thunderbird
vulnerability
browsers
email client
exploitation
remote attacker
spoofing attack
arbitrary code
memory corruption
buffer overflow
dangerous actions
warning
security
offscreen canvas
html
full-screen notification

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002 Low
Percentile: 52.7%

A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to the lack of a warning when opening Diagcab files. Exploitation of the vulnerability could allow an attacker to perform a spoofing attack.

A vulnerability in the Mozilla Thunderbird email client is related to the use of incorrect values during WASM compilation, resulting in a state value being used for a global variable in the JIT analysis of WASM in the content process. Exploitation of the vulnerability could allow a remote attacker to trick the victim into opening a malicious web page and execute arbitrary code on the system.

A vulnerability in the Mozilla Thunderbird email client involves improper tracking of cross-origin tainting in Offscreen Canvas. Exploitation of the vulnerability could allow a remote attacker to violate the same-origin policy and access image data from a different website.

A vulnerability in the Mozilla Thunderbird email client is related to a boundary error in HTML content processing. Exploitation of the vulnerability could allow a remote attacker to trick a victim into opening a specially crafted web page, cause memory corruption, and execute arbitrary code on the target system.

A vulnerability in the Mozilla Thunderbird email client involves a bug in the calculation of the delay of pop-up notifications. Exploitation of the vulnerability could allow a remote attacker to trick a victim into granting permissions.

A full-screen notification vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to insufficient warning of dangerous actions. Exploitation of the vulnerability could allow a remote attacker to perform a spoofing attack.

A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client for Windows operating systems is related to insufficient warning about dangerous actions when processing files with the extension appref-ms. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code.

A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to state management errors as a result of exceeding the number of cookies in document.cookie. Exploitation of the vulnerability could allow a remote attacker to affect the integrity of protected information.

A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to the writing of data outside a buffer in memory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code.

A vulnerability in the Mozilla Thunderbird email client is related to a boundary error in StorageManager when processing an untrusted input stream. Exploitation of the vulnerability could allow a remote attacker to trick the victim into opening a specially crafted website, cause a stack buffer overflow, and execute arbitrary code on the target system.

A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to a use-after-free error in cross-compartment wrappers. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service.

The vulnerability in the Mozilla Thunderbird email client is related to the application not properly controlling the
Exploitation of the vulnerability could allow a remote attacker to cause resource exhaustion and carry out a denial-of-service attack.

A vulnerability in the Mozilla Thunderbird email client is related to a use-after-free error. Exploitation of the vulnerability could allow a remote attacker to trick a victim into opening a specially crafted web page, trigger a race condition, and execute arbitrary code.

A vulnerability in the WebRTC technology of the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to a use-after-free error. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service.

OS      Version   Architecture   Package       Version         Filename
redos   7.3       x86_64         thunderbird   <= 102.14.0-1   UNKNOWN
