Dchan

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 41.0 **Description** The issue is related to the TCP Socket API implementation in Mozilla Firefox, which mishandles array boundaries established with the `navigator.mozTCPSocket.open` method and send method calls. This allows remote TCP servers to obtain sensitive information from process memory by reading packet data. The vulnerability can be exploited by a remote attacker to access protected information. **Recommendations** For versions prior to 41.0, update to version 41.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `navigator.mozTCPSocket.open` method in Firefox OS applications until a patch is available. Avoid using the TCP Socket API in a way that could expose sensitive information.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 31.0 **Description** The issue allows remote attackers to alter the placement of UI icons via crafted JavaScript code encountered during page, panel, or toolbar customization. This is due to the improper restriction of drag-and-drop events to spoof customization events. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 31.0, update to version 31.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of drag-and-drop events in customization modes until a patch is available. Avoid using crafted JavaScript code during page, panel, or toolbar customization to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.6.18 Thunderbird versions prior to 3.1.11 SeaMonkey versions prior to 2.0.15 **Description** The issue allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers, as the software does not distinguish between cookies for two domain names that differ only in a trailing dot. **Recommendations** For Mozilla Firefox versions prior to 3.6.18, update to version 3.6.18 or later. For Thunderbird versions prior to 3.1.11, update to version 3.1.11 or later. For SeaMonkey versions prior to 2.0.15, update to version 2.0.15 or later.