Jeff Walden

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 41.0 **Description** The issue allows remote attackers to bypass certain ECMAScript 5 (ES5) API protection mechanisms and modify immutable properties, which can lead to the execution of arbitrary JavaScript code with chrome privileges. This can be achieved through a crafted web page that does not utilize ES5 APIs. The estimated number of potentially affected devices and details about real-world incidents where this issue was exploited are not provided. **Recommendations** For versions prior to 41.0, update to version 41.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ECMAScript 5 API until a patch is applied. Avoid using crafted web pages that do not utilize ES5 APIs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.5.x through 3.5.3 **Description** The issue is related to multiple unspecified vulnerabilities in the JavaScript engine, which can cause a denial of service due to memory corruption and application crash, or possibly allow the execution of arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions 3.5.x through 3.5.3, update to version 3.5.4 or later to resolve the issue.