Guninski

**Name of the Vulnerable Software and Affected Versions** liboggz versions prior to cf5feeaab69b05e24 Mozilla Firefox versions 3.5.x prior to 3.5.4 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to an application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For liboggz versions prior to cf5feeaab69b05e24, update to a version after cf5feeaab69b05e24 to resolve the issue. For Mozilla Firefox versions 3.5.x prior to 3.5.4, update to version 3.5.4 or later to fix the problem.

**Name of the Vulnerable Software and Affected Versions** Mozilla SeaMonkey versions prior to 1.1.19 **Description** The issue allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message. This can be demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation. **Recommendations** For versions prior to 1.1.19, update to version 1.1.19 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.0.6 SeaMonkey (affected versions not specified) **Description** The issue allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges. This is achieved through vectors involving the URL field in a Desktop Entry section of a .desktop file, specifically by linking to the `about:plugins` and `about:config` URIs. The problem arises from the representation of about: URIs as jar:file:// URIs. **Recommendations** For Mozilla Firefox versions prior to 3.0.6, update to version 3.0.6 or later to resolve the issue. For SeaMonkey, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Thunderbird versions prior to 2.0.0.17 SeaMonkey versions prior to 1.1.12 **Description** A heap-based buffer overflow issue allows remote attackers to cause a denial of service, potentially leading to application crashes, or possibly execute arbitrary code. This is achieved by sending a long header in a news article, related to canceling or cancelled newsgroup messages. **Recommendations** For Mozilla Thunderbird versions prior to 2.0.0.17, update to version 2.0.0.17 or later to resolve the issue. For SeaMonkey versions prior to 1.1.12, update to version 1.1.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 1.0.7 Mozilla Suite versions prior to 1.7.12 **Description** The issue is related to an integer overflow in the JavaScript engine, which could potentially allow remote attackers to execute arbitrary code. **Recommendations** For Firefox versions prior to 1.0.7, update to version 1.0.7 or later. For Mozilla Suite versions prior to 1.7.12, update to version 1.7.12 or later.