Timeless

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.0.19 Mozilla Firefox versions 3.5.x prior to 3.5.9 Thunderbird versions prior to 3.0.4 SeaMonkey versions prior to 2.0.4 **Description** A use-after-free issue in the nsTreeSelection implementation allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors that trigger a call to the handler for the select event for XUL tree items. **Recommendations** For Mozilla Firefox versions prior to 3.0.19, update to version 3.0.19 or later. For Mozilla Firefox versions 3.5.x prior to 3.5.9, update to version 3.5.9 or later. For Thunderbird versions prior to 3.0.4, update to version 3.0.4 or later. For SeaMonkey versions prior to 2.0.4, update to version 2.0.4 or later.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 3.0.14 Mozilla Firefox versions 3.5.x prior to 3.5.3 Thunderbird versions prior to 2.0.0.24 SeaMonkey versions prior to 1.1.19 Description: The issue is related to multiple unspecified vulnerabilities in the browser engine, allowing remote attackers to cause a denial of service or possibly execute arbitrary code. This is related to vectors involving the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp. Recommendations: For Mozilla Firefox versions prior to 3.0.14, update to version 3.0.14 or later. For Mozilla Firefox versions 3.5.x prior to 3.5.3, update to version 3.5.3 or later. For Thunderbird versions prior to 2.0.0.24, update to version 2.0.0.24 or later. For SeaMonkey versions prior to 1.1.19, update to version 1.1.19 or later.

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions 2.18.x through 2.18.5 Bugzilla versions 2.20.x through 2.20.2 Bugzilla versions 2.22.x through 2.22.0 Bugzilla versions 2.23.x through 2.23.2 **Description** The issue allows remote attackers to obtain sensitive information, including the description of arbitrary attachments by viewing them in "diff" mode in the `attachment.cgi` endpoint, and the deadline field by viewing the XML format of the bug in the `show bug.cgi` endpoint. **Recommendations** For Bugzilla versions 2.18.x through 2.18.5, update to version 2.18.6 or later. For Bugzilla versions 2.20.x through 2.20.2, update to version 2.20.3 or later. For Bugzilla versions 2.22.x through 2.22.0, update to version 2.22.1 or later. For Bugzilla versions 2.23.x through 2.23.2, update to version 2.23.3 or later.