A bug in WebAssembly code generation could have lead to a crash.
It may have been possible for an attacker to leverage this to achieve
code execution.
A race condition could have led to private browsing tabs being
opened in normal browsing windows. This could have resulted in a
potential privacy leak.
Certificate length was not properly checked when added to a certificate
store. In practice only trusted data was processed.
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox
ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence
of memory corruption and we presume that with enough effort some
of these could have been exploited to run arbitrary code.