Jesse Ruderman

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 62 **Description** The issue is related to memory safety bugs in Firefox, which can lead to memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code. The vulnerability is caused by a buffer overflow in memory, allowing a remote attacker to potentially execute arbitrary code. **Recommendations** For versions prior to 62, update to version 62 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 58 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. The vulnerability is also described as a buffer data boundary operation issue, allowing a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 58, update to version 58 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and minimizing browser usage until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 50 **Description** Memory safety bugs were reported, showing evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be exploited to run arbitrary code. **Recommendations** For versions prior to 50, update to version 50 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 48.0 Mozilla Firefox ESR versions prior to 45.3 **Description** The issue is related to multiple unspecified vulnerabilities in the browser engine. These vulnerabilities can be exploited by remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code. The vulnerabilities are related to vectors such as `Http2Session::Shutdown` and `SpdySession31::Shutdown`, among other vectors. **Recommendations** For Mozilla Firefox versions prior to 48.0, update to version 48.0 or later. For Mozilla Firefox ESR versions prior to 45.3, update to version 45.3 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 43.0 **Description** The issue is related to multiple unspecified vulnerabilities in the browser engine, which can cause a denial of service due to memory corruption and application crash, or possibly allow the execution of arbitrary code. The vulnerabilities are reportedly caused by a buffer overflow. **Recommendations** For versions prior to 43.0, update to version 43.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 43.0 Mozilla Firefox ESR versions prior to 38.5 **Description** The issue is related to multiple unspecified vulnerabilities in the browser engine, potentially allowing remote attackers to cause a denial of service, such as memory corruption and application crash, or possibly execute arbitrary code. The vulnerabilities are also described as being caused by a buffer overflow. **Recommendations** For Mozilla Firefox versions prior to 43.0, update to version 43.0 or later. For Mozilla Firefox ESR versions prior to 38.5, update to version 38.5 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 42.0 Mozilla Firefox ESR versions 38.x prior to 38.4 **Description** The issue is caused by buffer overflow vulnerabilities in the browser engine. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code. **Recommendations** For Mozilla Firefox versions prior to 42.0, update to version 42.0 or later. For Mozilla Firefox ESR versions 38.x prior to 38.4, update to version 38.4 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 38.0 Firefox ESR versions 31.x prior to 31.7 Thunderbird versions prior to 31.7 **Description** The issue allows remote attackers to cause a denial of service, which includes memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 38.0, update to version 38.0 or later. For Firefox ESR versions 31.x prior to 31.7, update to version 31.7 or later. For Thunderbird versions prior to 31.7, update to version 31.7 or later.

**Name of the Vulnerable Software and Affected Versions** Roundup versions prior to 1.4.20 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `otk` parameter, which can lead to cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 1.4.20, update to version 1.4.20 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 26.0 Firefox ESR 24.x versions prior to 24.2 Thunderbird versions prior to 24.2 SeaMonkey versions prior to 2.23 **Description** The issue is related to multiple unspecified vulnerabilities in the browser engine, allowing remote attackers to cause a denial of service, which may result in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 26.0, update to version 26.0 or later. For Firefox ESR 24.x versions prior to 24.2, update to version 24.2 or later. For Thunderbird versions prior to 24.2, update to version 24.2 or later. For SeaMonkey versions prior to 2.23, update to version 2.23 or later.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.9 **Description** The issue allows context-dependent attackers to spoof file extensions via a crafted character sequence due to improper restriction of Unicode characters in filenames by LaunchServices. **Recommendations** For Apple Mac OS X versions prior to 10.9, update to version 10.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 21.0 Firefox ESR versions prior to 17.0.6 Thunderbird versions prior to 17.0.6 Thunderbird ESR versions prior to 17.0.6 **Description** The issue is related to multiple unspecified vulnerabilities in the browser engine, allowing remote attackers to cause a denial of service, which includes memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 21.0, update to version 21.0 or later. For Firefox ESR versions prior to 17.0.6, update to version 17.0.6 or later. For Thunderbird versions prior to 17.0.6, update to version 17.0.6 or later. For Thunderbird ESR versions prior to 17.0.6, update to version 17.0.6 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 18.0 Firefox ESR versions prior to 17.0.2 Thunderbird versions prior to 17.0.2 Thunderbird ESR versions prior to 17.0.2 SeaMonkey versions prior to 2.15 **Description** The issue allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event, due to the gPluginHandler.handleEvent function not properly enforcing the Same Origin Policy. **Recommendations** For Mozilla Firefox versions prior to 18.0, update to version 18.0 or later. For Firefox ESR versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird ESR versions prior to 17.0.2, update to version 17.0.2 or later. For SeaMonkey versions prior to 2.15, update to version 2.15 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 17.0 Firefox ESR versions prior to 10.0.11 Thunderbird versions prior to 17.0 Thunderbird ESR versions prior to 10.0.11 SeaMonkey versions prior to 2.14 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 17.0, update to version 17.0 or later. For Firefox ESR versions prior to 10.0.11, update to version 10.0.11 or later. For Thunderbird versions prior to 17.0, update to version 17.0 or later. For Thunderbird ESR versions prior to 10.0.11, update to version 10.0.11 or later. For SeaMonkey versions prior to 2.14, update to version 2.14 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 16.0 Thunderbird versions prior to 16.0 SeaMonkey versions prior to 2.13 **Description** The issue is related to multiple unspecified vulnerabilities in the browser engine, which can be exploited by remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 16.0, update to version 16.0 or later. For Thunderbird versions prior to 16.0, update to version 16.0 or later. For SeaMonkey versions prior to 2.13, update to version 2.13 or later.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions 10.7.x through 10.7.4 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted text glyph. This is related to an out-of-bounds write or read in CoreText. **Recommendations** For Apple Mac OS X versions 10.7.x through 10.7.4, update to version 10.7.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 15.0 Firefox ESR versions prior to 10.0.7 Thunderbird versions prior to 15.0 Thunderbird ESR versions prior to 10.0.7 SeaMonkey versions prior to 2.12 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 15.0, update to version 15.0 or later. For Firefox ESR versions prior to 10.0.7, update to version 10.0.7 or later. For Thunderbird versions prior to 15.0, update to version 15.0 or later. For Thunderbird ESR versions prior to 10.0.7, update to version 10.0.7 or later. For SeaMonkey versions prior to 2.12, update to version 2.12 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 13.0 Mozilla Firefox ESR versions 10.x before 10.0.6 Thunderbird versions 5.0 through 13.0 Thunderbird ESR versions 10.x before 10.0.6 SeaMonkey versions prior to 2.11 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions 4.x through 13.0, update to a version after 13.0. For Mozilla Firefox ESR versions 10.x before 10.0.6, update to version 10.0.6 or later. For Thunderbird versions 5.0 through 13.0, update to a version after 13.0. For Thunderbird ESR versions 10.x before 10.0.6, update to version 10.0.6 or later. For SeaMonkey versions prior to 2.11, update to version 2.11 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 13.0 Mozilla Firefox ESR versions 10.x before 10.0.6 **Description** The issue allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms. This is achieved via a feed:javascript: URL, which is not properly handled in terms of its security context. **Recommendations** For Mozilla Firefox versions 4.x through 13.0, update to a version later than 13.0 to resolve the issue. For Mozilla Firefox ESR versions 10.x before 10.0.6, update to version 10.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 12.0 Mozilla Firefox ESR versions 10.x before 10.0.5 Thunderbird versions 5.0 through 12.0 Thunderbird ESR versions 10.x before 10.0.5 SeaMonkey versions prior to 2.10 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions 4.x through 12.0, update to a version after 12.0. For Mozilla Firefox ESR versions 10.x before 10.0.5, update to version 10.0.5 or later. For Thunderbird versions 5.0 through 12.0, update to a version after 12.0. For Thunderbird ESR versions 10.x before 10.0.5, update to version 10.0.5 or later. For SeaMonkey versions prior to 2.10, update to version 2.10 or later.