David Baron

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 53 Firefox ESR versions prior to 45.9 Firefox ESR versions prior to 52.1 Thunderbird versions prior to 52.1 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. This is due to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 53, update to version 53 or later. For Firefox ESR versions prior to 45.9, update to version 45.9 or later. For Firefox ESR versions prior to 52.1, update to version 52.1 or later. For Thunderbird versions prior to 52.1, update to version 52.1 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 4.0 Thunderbird versions prior to 3.3 SeaMonkey versions prior to 2.1 **Description** The issue allows remote attackers to obtain sensitive information about visited web pages via a timing attack, due to the layout engine executing different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences. **Recommendations** For Mozilla Firefox versions prior to 4.0, update to version 4.0 or later. For Thunderbird versions prior to 3.3, update to version 3.3 or later. For SeaMonkey versions prior to 2.1, update to version 2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 2.0.0.5 Thunderbird versions prior to 2.0.0.5 **Description** The issue is related to multiple unspecified vulnerabilities in the browser engine that can cause a denial of service (crash) due to memory corruption when processing unspecified vectors. **Recommendations** For Mozilla Firefox versions prior to 2.0.0.5, update to version 2.0.0.5 or later. For Thunderbird versions prior to 2.0.0.5, update to version 2.0.0.5 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 2.x prior to 2.0.0.1 Mozilla Firefox versions 1.5.x prior to 1.5.0.9 Thunderbird versions prior to 1.5.0.9 SeaMonkey versions prior to 1.0.7 **Description** The issue affects the layout engine, allowing remote attackers to cause a denial of service, which may result in memory corruption and a crash, and potentially execute arbitrary code. The attack vectors for this issue are not specified. **Recommendations** For Mozilla Firefox versions 2.x prior to 2.0.0.1, update to version 2.0.0.1 or later. For Mozilla Firefox versions 1.5.x prior to 1.5.0.9, update to version 1.5.0.9 or later. For Thunderbird versions prior to 1.5.0.9, update to version 1.5.0.9 or later. For SeaMonkey versions prior to 1.0.7, update to version 1.0.7 or later.