Peterv

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 17.0 Thunderbird versions prior to 17.0 SeaMonkey versions prior to 2.14 **Description** The issue allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site, due to the XrayWrapper implementation not considering the compartment during property filtering. **Recommendations** For Mozilla Firefox versions prior to 17.0, update to version 17.0 or later. For Thunderbird versions prior to 17.0, update to version 17.0 or later. For SeaMonkey versions prior to 2.14, update to version 2.14 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.0.12 Thunderbird versions prior to 3.0.12 **Description** The issue is related to the JavaScript engine and can cause a denial of service or possibly execute arbitrary code. It is related to vectors such as `nsDOMClassInfo.cpp`, `JS HashTableRawLookup`, `MirrorWrappedNativeParent`, and `js LockGCThingRT`. The vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information. **Recommendations** For Mozilla Firefox versions prior to 3.0.12, update to version 3.0.12 or later to resolve the issue. For Thunderbird versions prior to 3.0.12, update to version 3.0.12 or later to resolve the issue. As a temporary workaround, consider disabling JavaScript in the browser until a patch is available.