David Bienvenu

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.8 **Description** The issue allows context-dependent attackers to execute arbitrary code or cause a denial of service, specifically an application crash, via vectors involving uppercase strings. This is due to a buffer overflow in the International Components for Unicode (ICU) component. **Recommendations** For versions prior to 10.6.8, update to version 10.6.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Thunderbird versions prior to 1.5.0.9 SeaMonkey versions prior to 1.0.7 **Description** The issue is related to multiple heap-based buffer overflows that can be triggered by remote attackers. This can be achieved through external message modes with long Content-Type headers or long RFC2047-encoded (MIME non-ASCII) headers, potentially allowing the execution of arbitrary code. **Recommendations** For Mozilla Thunderbird versions prior to 1.5.0.9, update to version 1.5.0.9 or later. For SeaMonkey versions prior to 1.0.7, update to version 1.0.7 or later.