Mathias Karlsson

**Name of the Vulnerable Software and Affected Versions** phpBB versions prior to 3.0.14 phpBB versions 3.1.x prior to 3.1.4 **Description** The issue allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors. This affects users by potentially tricking them into revealing sensitive information on fake websites. **Recommendations** For versions prior to 3.0.14, update to version 3.0.14 or later. For versions 3.1.x prior to 3.1.4, update to version 3.1.4 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.3 Firefox ESR versions prior to 52.3 Firefox versions prior to 55 **Description** The issue is related to a mechanism that uses AppCache to hijack a URL in a domain. This is achieved by serving files from a sub-path on the domain using fallback. The problem stems from weaknesses in the Application Cache mechanism, which can be exploited by a remote attacker to substitute a domain using the FALLBACK section of the manifest files of isolated sources. **Recommendations** For Thunderbird versions prior to 52.3, update to version 52.3 or later. For Firefox ESR versions prior to 52.3, update to version 52.3 or later. For Firefox versions prior to 55, update to version 55 or later.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions 1.2.0a1 through 1.2.x before 1.2.18 **Description** The issue concerns a function that does not properly validate the URL protocol, allowing remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol. This could potentially lead to malicious scripts being executed on user systems. **Recommendations** For MantisBT versions 1.2.0a1 through 1.2.x before 1.2.18, update to version 1.2.18 or later to resolve the issue. As a temporary workaround, consider restricting the use of the string insert href function until a patch is available.