Fernando Hartmann

Name of the Vulnerable Software and Affected Versions: Redmine versions 4.1.0 through 4.1.1 Description: The issue arises from the mishandling of an issue's subject in the auto complete tip, leading to a potential XSS attack. Recommendations: For versions 4.1.0 through 4.1.1, update to version 4.1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.0.x, 3.5, and 3.5.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in an uncaught exception and application crash, via a long Unicode string argument to the `write` method. This issue was initially reported as a stack-based buffer overflow. **Recommendations** For Mozilla Firefox versions 3.0.x, 3.5, and 3.5.1, consider avoiding the use of long Unicode strings in the `write` method until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.