Anba

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 40.0 Firefox ESR versions prior to 38.2 **Description** The issue is related to the lack of protection for certain data in Firefox browsers, allowing remote attackers to bypass the Same Origin Policy. This can be achieved via the `reviver` parameter to the `JSON.parse` method. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For Mozilla Firefox versions prior to 40.0, update to version 40.0 or later. For Firefox ESR versions prior to 38.2, update to version 38.2 or later. As a temporary workaround, consider restricting the use of the `JSON.parse` method with the `reviver` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 24.0 Firefox ESR versions prior to 17.0.9 Thunderbird versions prior to 24.0 Thunderbird ESR versions prior to 17.0.9 SeaMonkey versions prior to 2.21 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 24.0, update to version 24.0 or later. For Firefox ESR versions prior to 17.0.9, update to version 17.0.9 or later. For Thunderbird versions prior to 24.0, update to version 24.0 or later. For Thunderbird ESR versions prior to 17.0.9, update to version 17.0.9 or later. For SeaMonkey versions prior to 2.21, update to version 2.21 or later.