Brendan

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 1.5.0.1 Thunderbird version 1.5 SeaMonkey versions prior to 1.0 **Description** The E4X implementation exposes the internal `AnyName` object to external interfaces, allowing multiple cooperating domains to exchange information in violation of the same origin restrictions. **Recommendations** For Mozilla Firefox versions prior to 1.5.0.1, update to version 1.5.0.1 or later. For Thunderbird version 1.5, consider disabling Javascript in mail as a temporary workaround until a patch is available. For SeaMonkey versions prior to 1.0, update to version 1.0 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Suite version 1.7.6 Firefox versions 1.0.1 through 1.0.2 Netscape version 7.2 **Description** The issue allows remote attackers to read portions of heap memory in a Javascript string. This is achieved via the lambda replace method in the `find replen` function. **Recommendations** For Mozilla Suite version 1.7.6, consider disabling the lambda replace method until a patch is available. For Firefox versions 1.0.1 through 1.0.2, restrict access to the `find replen` function in the Javascript engine to minimize the risk of exploitation. For Netscape version 7.2, avoid using the lambda replace method in the Javascript engine until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Mozilla versions 1.4 and earlier Description: The issue allows attackers to execute native methods by modifying the string used as input to the `script.thaw` JavaScript function, which is then deserialized and executed. This is related to the `Script.prototype.freeze/thaw` functionality. Recommendations: For Mozilla versions 1.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.