Carsten Book

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 57 **Description** The issue is related to a buffer data boundary operation overflow. It may allow a remote attacker to execute arbitrary code. Memory safety bugs were reported, showing evidence of memory corruption, which could potentially be exploited. **Recommendations** For versions prior to 57, update to version 57 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and minimizing browser usage until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 54 Firefox ESR versions prior to 52.2 Thunderbird versions prior to 52.2 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. The vulnerability is associated with a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 54, update to version 54 or later. For Firefox ESR versions prior to 52.2, update to version 52.2 or later. For Thunderbird versions prior to 52.2, update to version 52.2 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 52 Thunderbird versions prior to 52 **Description** Memory safety bugs were reported, showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 52, update to version 52 or later. For Thunderbird versions prior to 52, update to version 52 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 51 **Description** Memory safety bugs were reported, showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For versions prior to 51, update to version 51 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 50.1 Firefox ESR versions prior to 45.6 Thunderbird versions prior to 45.6 **Description** Memory safety bugs were reported, showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For Firefox versions prior to 50.1, update to version 50.1 or later. For Firefox ESR versions prior to 45.6, update to version 45.6 or later. For Thunderbird versions prior to 45.6, update to version 45.6 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 49.0 Mozilla Firefox ESR 45.x versions prior to 45.4 Thunderbird versions prior to 45.4 **Description** The issue affects the browser engine, allowing remote attackers to cause a denial of service, which may result in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 49.0, update to version 49.0 or later. For Mozilla Firefox ESR 45.x versions prior to 45.4, update to version 45.4 or later. For Thunderbird versions prior to 45.4, update to version 45.4 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 Microsoft Office versions XP SP3, 2003 SP3, and 2007 SP2 **Description** A remote code execution issue exists due to the incorrect parsing of specific font types by Microsoft Windows and Microsoft Office. This could allow an attacker to execute arbitrary code via a crafted web site or Office document. An attacker who successfully exploits this issue could run arbitrary code as the logged-on user. **Recommendations** For Microsoft Windows versions XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, update to a version that correctly parses font types to prevent remote code execution. For Microsoft Office versions XP SP3, 2003 SP3, and 2007 SP2, update to a version that correctly parses font types to prevent remote code execution. As a temporary workaround, consider restricting the use of potentially malicious font types in Microsoft Windows and Microsoft Office until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Silverlight versions prior to 3.0.50611.0 on Windows Microsoft Silverlight versions prior to 3.0.41130.0 on Mac OS X **Description** The issue arises from improper handling of pointers, allowing remote attackers to execute arbitrary code or cause a denial of service due to memory corruption and framework outage via a crafted web site. **Recommendations** For Microsoft Silverlight on Windows, update to version 3.0.50611.0 or later. For Microsoft Silverlight on Mac OS X, update to version 3.0.41130.0 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.0.x through 3.0.17 Mozilla Firefox versions 3.5.x through 3.5.7 Mozilla Firefox versions 3.6.x through 3.6.1 Thunderbird versions prior to 3.0.2 SeaMonkey versions prior to 2.0.3 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, and possibly execute arbitrary code. This is related to vectors involving layout/generic/nsBlockFrame.cpp and the ` evaluate` function in modules/plugin/base/src/nsNPAPIPlugin.cpp. **Recommendations** For Mozilla Firefox versions 3.0.x through 3.0.17, update to version 3.0.18 or later. For Mozilla Firefox versions 3.5.x through 3.5.7, update to version 3.5.8 or later. For Mozilla Firefox versions 3.6.x through 3.6.1, update to version 3.6.2 or later. For Thunderbird versions prior to 3.0.2, update to version 3.0.2 or later. For SeaMonkey versions prior to 2.0.3, update to version 2.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.5.x through 3.5.3 **Description** The issue is related to multiple unspecified vulnerabilities in the browser engine, which can be exploited by remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions 3.5.x through 3.5.3, update to version 3.5.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.0.x through 3.0.14 **Description** The issue is related to the handling of first-letter frames in the browser engine. Remote attackers can cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unspecified vectors. **Recommendations** For Mozilla Firefox versions 3.0.x through 3.0.14, update to version 3.0.15 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 3.5.x through 3.5.2 Description: The issue is related to an unspecified vulnerability in the JavaScript engine, which can be exploited by remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. Recommendations: For Mozilla Firefox versions 3.5.x through 3.5.2, update to version 3.5.3 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 3.0.14 Mozilla Firefox versions 3.5.x prior to 3.5.2 Thunderbird versions prior to 2.0.0.24 SeaMonkey versions prior to 1.1.19 Description: The issue is related to multiple unspecified vulnerabilities in the JavaScript engine. These vulnerabilities can be exploited by remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code. The vulnerabilities are related to the use of mutable strings in the `js StringReplaceHelper` function in `js/src/jsstr.cpp`. Recommendations: For Mozilla Firefox versions prior to 3.0.14, update to version 3.0.14 or later. For Mozilla Firefox versions 3.5.x prior to 3.5.2, update to version 3.5.2 or later. For Thunderbird versions prior to 2.0.0.24, update to version 2.0.0.24 or later. For SeaMonkey versions prior to 1.1.19, update to version 1.1.19 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 2.0.0.12 Thunderbird versions prior to 2.0.0.12 SeaMonkey versions prior to 1.1.8 **Description** The issue allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via certain vectors, including large switch statements, specific uses of `watch` and `eval`, and certain uses of the `mousedown` event listener. **Recommendations** For Mozilla Firefox versions prior to 2.0.0.12, update to version 2.0.0.12 or later. For Thunderbird versions prior to 2.0.0.12, update to version 2.0.0.12 or later. For SeaMonkey versions prior to 1.1.8, update to version 1.1.8 or later.