Bitlance Winter

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 1.0.1 and possibly other versions Mozilla (affected versions not specified) Thunderbird (affected versions not specified) **Description** The issue allows remote attackers to spoof the URL in the Status Bar. This can be achieved via an A HREF tag that contains a TABLE tag, which in turn contains another A tag. **Recommendations** For Mozilla Firefox version 1.0.1, update to a version that contains a fix for this issue. For Mozilla, there is no information about a newer version that contains a fix for this issue. For Thunderbird, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer version 6.0 **Description** The issue allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks. **Recommendations** For Internet Explorer version 6.0, consider disabling script-initiated popup windows as a temporary workaround until a patch is available. Restrict access to sensitive information when using this version of Internet Explorer to minimize the risk of exploitation.