Bobby Holley

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 39.0 Mozilla Firefox ESR versions 31.x prior to 31.8 and 38.x prior to 38.1 Thunderbird versions prior to 38.1 **Description** The issue is caused by a buffer overflow in dynamic memory, which can be exploited by a remote attacker to cause a denial of service or execute arbitrary code. The vulnerability affects the browser engine and can lead to memory corruption and application crash. **Recommendations** For Mozilla Firefox versions prior to 39.0, update to version 39.0 or later to resolve the issue. For Mozilla Firefox ESR versions 31.x prior to 31.8, update to version 31.8 or later to resolve the issue. For Mozilla Firefox ESR versions 38.x prior to 38.1, update to version 38.1 or later to resolve the issue. For Thunderbird versions prior to 38.1, update to version 38.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 35.0 SeaMonkey versions prior to 2.32 **Description** The issue is related to the XrayWrapper implementation, which does not properly interact with a DOM object that has a named getter. This might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. **Recommendations** For Mozilla Firefox versions prior to 35.0, update to version 35.0 or later. For SeaMonkey versions prior to 2.32, update to version 2.32 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 19.0 Firefox ESR 17.x versions prior to 17.0.3 Thunderbird versions prior to 17.0.3 Thunderbird ESR 17.x versions prior to 17.0.3 SeaMonkey versions prior to 2.16 **Description** The issue allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site, due to the Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations not preventing modifications to a prototype. **Recommendations** For Mozilla Firefox versions prior to 19.0, update to version 19.0 or later. For Firefox ESR 17.x versions prior to 17.0.3, update to version 17.0.3 or later. For Thunderbird versions prior to 17.0.3, update to version 17.0.3 or later. For Thunderbird ESR 17.x versions prior to 17.0.3, update to version 17.0.3 or later. For SeaMonkey versions prior to 2.16, update to version 2.16 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 17.0 Firefox ESR versions prior to 10.0.11 Thunderbird versions prior to 17.0 Thunderbird ESR versions prior to 10.0.11 SeaMonkey versions prior to 2.14 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, due to the implementation of cross-origin wrappers with a filtering behavior that does not properly restrict write actions. **Recommendations** For Mozilla Firefox versions prior to 17.0, update to version 17.0 or later. For Firefox ESR versions prior to 10.0.11, update to version 10.0.11 or later. For Thunderbird versions prior to 17.0, update to version 17.0 or later. For Thunderbird ESR versions prior to 10.0.11, update to version 10.0.11 or later. For SeaMonkey versions prior to 2.14, update to version 2.14 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 13.0 Firefox ESR versions 10.x before 10.0.6 Thunderbird versions 5.0 through 13.0 Thunderbird ESR versions 10.x before 10.0.6 SeaMonkey versions prior to 2.11 **Description** The issue allows remote attackers to bypass intended XBL access restrictions via crafted content, as the presence of same-compartment security wrappers (SCSW) is not considered during the cross-compartment wrapping of objects. **Recommendations** For Mozilla Firefox versions 4.x through 13.0, update to a version after 13.0. For Firefox ESR versions 10.x before 10.0.6, update to version 10.0.6 or later. For Thunderbird versions 5.0 through 13.0, update to a version after 13.0. For Thunderbird ESR versions 10.x before 10.0.6, update to version 10.0.6 or later. For SeaMonkey versions prior to 2.11, update to version 2.11 or later.