Chris Mcgowen

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 11.0 Firefox ESR versions 10.x before 10.0.4 Thunderbird versions 5.0 through 11.0 Thunderbird ESR versions 10.x before 10.0.4 SeaMonkey versions prior to 2.9 **Description** A cross-site scripting (XSS) issue in the docshell implementation allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, also known as "Universal XSS (UXSS)". **Recommendations** For Mozilla Firefox versions 4.x through 11.0, update to a version later than 11.0. For Firefox ESR versions 10.x before 10.0.4, update to version 10.0.4 or later. For Thunderbird versions 5.0 through 11.0, update to a version later than 11.0. For Thunderbird ESR versions 10.x before 10.0.4, update to version 10.0.4 or later. For SeaMonkey versions prior to 2.9, update to version 2.9 or later.