An inconsistent comparator in xslt/txNodeSorter could have resulted
in potentially exploitable out-of-bounds access. Only affected
version 122 and later. This vulnerability affects Firefox <
136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird
< 128.8.
Under certain circumstances, a user opt-in setting that Focus should
require authentication before use could have been be bypassed
(distinct from CVE-2025-0245). This vulnerability affects Firefox
< 136.
When String.toUpperCase() caused a string to get longer it was
possible for uninitialized memory to be incorporated into the result
string This vulnerability affects Firefox < 136 and Thunderbird
< 136.
Websites redirecting to a non-HTTP scheme URL could allow a website
address to be spoofed for a malicious page This vulnerability affects
Firefox for iOS < 136.