Decoder

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 116 Firefox ESR versions prior to 115.1 Thunderbird versions prior to 115.1 **Description** The issue is related to memory safety bugs that could potentially be exploited to run arbitrary code. These bugs are present in the processing of HTML content and may cause memory corruption. The vulnerability could allow a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 116, update to version 116 or later. For Firefox ESR versions prior to 115.1, update to version 115.1 or later. For Thunderbird versions prior to 115.1, update to version 115.1 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer and Microsoft Edge (affected versions not specified) **Description** The issue is related to the improper handling of data by JavaScript engines in Microsoft browsers, potentially allowing a remote attacker to execute arbitrary code in the context of the current user by corrupting memory when handling objects. If the current user has administrative rights, a successful exploitation could lead to the attacker gaining control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 39.0 Firefox ESR versions prior to 38.1 Thunderbird versions prior to 38.1 **Description** The issue is caused by a buffer overflow in dynamic memory, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. This can result in memory corruption and application crash. **Recommendations** For Mozilla Firefox versions prior to 39.0, update to version 39.0 or later. For Firefox ESR versions prior to 38.1, update to version 38.1 or later. For Thunderbird versions prior to 38.1, update to version 38.1 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 38.0 **Description** The issue is related to multiple unspecified vulnerabilities in the browser engine, which can be exploited by remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For versions prior to 38.0, update to version 38.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 37.0 **Description** The issue allows a remote attacker to cause a denial of service, which includes memory corruption and application crash, or possibly execute arbitrary code. The estimated number of potentially affected devices and details about real-world incidents are not specified. **Recommendations** For versions prior to 37.0, update to version 37.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 37.0 Firefox ESR versions 31.x prior to 31.6 Thunderbird versions prior to 31.6 **Description** The issue allows a remote attacker to cause a denial of service, which includes memory corruption and application crash, or possibly execute arbitrary code. This is due to multiple unspecified vulnerabilities in the browser engine. **Recommendations** For Mozilla Firefox versions prior to 37.0, update to version 37.0 or later. For Firefox ESR versions 31.x prior to 31.6, update to version 31.6 or later. For Thunderbird versions prior to 31.6, update to version 31.6 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 31.0 Thunderbird versions prior to 31.0 **Description** The issue allows remote attackers to cause a denial of service, specifically an X.509 certificate parsing outage, by using a crafted certificate that does not utilize ASCII character encoding in a required context. This can lead to a service disruption. **Recommendations** For Mozilla Firefox versions prior to 31.0, update to version 31.0 or later to resolve the issue. For Thunderbird versions prior to 31.0, update to version 31.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 16.0 Firefox ESR versions prior to 10.0.8 Thunderbird versions prior to 16.0 Thunderbird ESR versions prior to 10.0.8 SeaMonkey versions prior to 2.13 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 16.0, update to version 16.0 or later. For Firefox ESR versions prior to 10.0.8, update to version 10.0.8 or later. For Thunderbird versions prior to 16.0, update to version 16.0 or later. For Thunderbird ESR versions prior to 10.0.8, update to version 10.0.8 or later. For SeaMonkey versions prior to 2.13, update to version 2.13 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 19.0.1084.52 **Description** The issue allows remote attackers to cause a denial of service, specifically an invalid read operation, via unspecified vectors. **Recommendations** For versions prior to 19.0.1084.52, update to version 19.0.1084.52 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 13.0.782.107 **Description** The issue is related to improper const lookups in Google V8, which can be exploited by remote attackers via a crafted web site, potentially causing a denial of service (application crash) or having other unspecified impacts. **Recommendations** For versions prior to 13.0.782.107, update to version 13.0.782.107 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.6.18 Thunderbird versions prior to 3.1.11 **Description** The issue is related to multiple unspecified vulnerabilities in the browser engine, allowing remote attackers to cause a denial of service, which includes memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 3.6.18, update to version 3.6.18 or later. For Thunderbird versions prior to 3.1.11, update to version 3.1.11 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.17 Mozilla Firefox versions 3.6.x prior to 3.6.14 SeaMonkey versions prior to 2.0.12 **Description** A buffer overflow issue exists in the JavaScript engine, potentially allowing remote attackers to execute arbitrary code. This issue involves vectors related to non-local JavaScript variables, specifically an "upvarMap" problem. **Recommendations** For Mozilla Firefox versions prior to 3.5.17, update to version 3.5.17 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.14, update to version 3.6.14 or later. For SeaMonkey versions prior to 2.0.12, update to version 2.0.12 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.5.x through 3.5.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code. This is related to the `TraceRecorder::snapshot` function in `js/src/jstracer.cpp` and other unspecified vectors. **Recommendations** For Mozilla Firefox versions 3.5.x through 3.5.1, update to version 3.5.2 or later to resolve the issue.