Pa_Kt

**Name of the Vulnerable Software and Affected Versions** Apple iTunes versions prior to 11.0.3 **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash. This is related to vectors involving iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 11.0.3, update to version 11.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 18.0 Firefox ESR versions prior to 10.0.12 and prior to 17.0.2 Thunderbird versions prior to 17.0.2 Thunderbird ESR versions prior to 10.0.12 and prior to 17.0.2 SeaMonkey versions prior to 2.15 **Description** The issue allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow. This occurs due to an integer overflow in the JavaScript implementation. **Recommendations** For Mozilla Firefox versions prior to 18.0, update to version 18.0 or later. For Firefox ESR versions prior to 10.0.12, update to version 10.0.12 or later. For Firefox ESR versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird ESR versions prior to 10.0.12, update to version 10.0.12 or later. For Thunderbird ESR versions prior to 17.0.2, update to version 17.0.2 or later. For SeaMonkey versions prior to 2.15, update to version 2.15 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 18.0.1025.151 Apple iTunes (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the HTMLMediaElement implementation, allowing remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. **Recommendations** For Google Chrome versions prior to 18.0.1025.151, update to version 18.0.1025.151 or later to resolve the issue. For Apple iTunes, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 17.0.963.56 **Description** A use-after-free issue exists, potentially allowing user-assisted remote attackers to cause a denial of service or have other unspecified impacts through vectors related to drag-and-drop operations. **Recommendations** For versions prior to 17.0.963.56, update to version 17.0.963.56 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.7.3 QuickTime versions prior to the version in 10.7.3 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MP4 file, due to the failure to prevent access to uninitialized memory locations. **Recommendations** For Apple Mac OS X versions prior to 10.7.3, update to version 10.7.3 or later to resolve the issue. For QuickTime versions prior to the version in 10.7.3, update to the version included in Apple Mac OS X 10.7.3 or later to resolve the issue.