When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 128.6.0 (excluding) |
| Firefox | Mozilla | * | 134.0 (excluding) |
| Thunderbird | Mozilla | * | 128.6.0 (excluding) |
| Thunderbird | Mozilla | 129.0 (including) | 134.0 (excluding) |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | firefox-0:128.6.0-1.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | firefox-0:128.6.0-1.el8_10 | * |
| Red Hat Enterprise Linux 8 | RedHat | thunderbird-0:128.6.0-3.el8_10 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | firefox-0:128.6.0-1.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | thunderbird-0:128.6.0-3.el8_2 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | firefox-0:128.6.0-1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | thunderbird-0:128.6.0-3.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | firefox-0:128.6.0-1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | thunderbird-0:128.6.0-3.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | firefox-0:128.6.0-1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | thunderbird-0:128.6.0-3.el8_4 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | firefox-0:128.6.0-1.el8_6 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | thunderbird-0:128.6.0-3.el8_6 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | firefox-0:128.6.0-1.el8_6 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | thunderbird-0:128.6.0-3.el8_6 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | firefox-0:128.6.0-1.el8_6 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | thunderbird-0:128.6.0-3.el8_6 | * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | firefox-0:128.6.0-1.el8_8 | * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | thunderbird-0:128.6.0-3.el8_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | firefox-0:128.6.0-1.el9_5 | * |
| Red Hat Enterprise Linux 9 | RedHat | thunderbird-0:128.6.0-3.el9_5 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | firefox-0:128.6.0-1.el9_0 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | thunderbird-0:128.6.0-3.el9_0 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | firefox-0:128.6.0-1.el9_2 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | thunderbird-0:128.6.0-3.el9_2 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | firefox-0:128.6.0-1.el9_4 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | thunderbird-0:128.6.0-3.el9_4 | * |
| Firefox | Ubuntu | focal | * |
| Mozjs102 | Ubuntu | esm-apps/noble | * |
| Mozjs102 | Ubuntu | jammy | * |
| Mozjs102 | Ubuntu | noble | * |
| Mozjs115 | Ubuntu | noble | * |
| Mozjs115 | Ubuntu | oracular | * |
| Mozjs115 | Ubuntu | plucky | * |
| Mozjs52 | Ubuntu | esm-infra/bionic | * |
| Mozjs52 | Ubuntu | focal | * |
| Mozjs68 | Ubuntu | esm-infra/focal | * |
| Mozjs68 | Ubuntu | focal | * |
| Mozjs78 | Ubuntu | jammy | * |
| Mozjs91 | Ubuntu | jammy | * |
| Thunderbird | Ubuntu | jammy | * |