On 32-bit versions there were integer overflows that led to an out-of-bounds read that could potentially be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Mozilla Foundation Security Advisory 2024-19
Security Vulnerabilities fixed in Firefox ESR 115.10
Announced: April 16, 2024
Impact: high
Products: Firefox ESR
Fixed in: Firefox ESR 115.10
...
Mozilla Foundation Security Advisory 2024-18
Security Vulnerabilities fixed in Firefox 125
Announced: April 16, 2024
Impact: high
Products: Firefox
Fixed in: Firefox 125
...
Mozilla Foundation Security Advisory 2024-20
Security Vulnerabilities fixed in Thunderbird 115.10
Announced: April 16, 2024
Impact: high
Products: Thunderbird
Fixed in: Thunderbird 115.10
...