Ca0Nguyen

**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions 9 through 11 **Description** The issue is related to improper memory object handling, which can be exploited by a remote attacker to execute arbitrary code in the context of the current user. This can be achieved through a specially crafted web page. If the current user has administrative rights, the attacker could gain control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Internet Explorer versions 9 through 11, update to a newer version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 45.0 Firefox ESR versions prior to 38.7 **Description** The issue is caused by an integer underflow in the nsHtml5TreeBuilder class, which is part of the HTML5 string parser. This can be exploited by remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging the mishandling of end tags. The vulnerability can be triggered by incorrect SVG processing. **Recommendations** For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR versions prior to 38.7, update to version 38.7 or later.