John Dalbec

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 1.0.5 Mozilla versions prior to 1.7.9 Description: The issue allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object, due to improper cloning of base objects. Recommendations: For Firefox versions prior to 1.0.5, update to version 1.0.5 or later. For Mozilla versions prior to 1.7.9, update to version 1.7.9 or later.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 1.0.5 Description: The issue allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a `javascript:` URL. This URL is run in the context of the previous page and may lead to code execution if the standalone application loads a privileged `chrome:` URL. Recommendations: For Firefox versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of `javascript:` URLs in standalone applications to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 1.0.5 Mozilla versions prior to 1.7.9 Description: The issue allows remote attackers to spoof a dialog box from a trusted site, facilitating phishing attacks, by not clearly associating a Javascript dialog box with the web page that generated it. Recommendations: For Firefox versions prior to 1.0.5, update to version 1.0.5 or later. For Mozilla versions prior to 1.7.9, update to version 1.7.9 or later.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 1.0.5 Mozilla versions prior to 1.7.9 Netscape version 8.0.2 Description: The issue arises from improper verification of DOM node names within their namespaces, allowing remote attackers to modify certain tag properties. This could lead to the execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags that have custom properties, a technique known as "XHTML node spoofing". Recommendations: For Firefox versions prior to 1.0.5, update to version 1.0.5 or later. For Mozilla versions prior to 1.7.9, update to version 1.7.9 or later. For Netscape version 8.0.2, consider disabling the use of custom properties in IMG tags as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 1.0.5 Mozilla versions prior to 1.7.9 Netscape versions 7.2 and 8.0.2 Description: The issue concerns the browser user interface, which fails to properly distinguish between user-generated events and untrusted synthetic events. This makes it easier for remote attackers to perform actions that are normally restricted to manual user input. Recommendations: For Firefox versions prior to 1.0.5, update to version 1.0.5 or later. For Mozilla versions prior to 1.7.9, update to version 1.7.9 or later. For Netscape versions 7.2 and 8.0.2, consider applying available patches or updates, or restricting access to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 1.0.5 Thunderbird versions prior to 1.0.5 Mozilla versions prior to 1.7.9 Netscape version 8.0.2 K-Meleon version 0.9 Description: The issue allows remote attackers to bypass protection by running XBL scripts even when Javascript has been disabled, making it easier to exploit. Recommendations: For Firefox versions prior to 1.0.5, update to version 1.0.5 or later. For Thunderbird versions prior to 1.0.5, update to version 1.0.5 or later. For Mozilla versions prior to 1.7.9, update to version 1.7.9 or later. For Netscape version 8.0.2, consider disabling XBL scripts until a patch is available. For K-Meleon version 0.9, consider disabling XBL scripts until a patch is available.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 1.0.5 Mozilla versions prior to 1.7.9 Description: The issue allows remote attackers to execute a callback function in the context of another domain. This is achieved by forcing a page navigation after the `install` method has been called, causing the callback to be run in the context of the new page and resulting in a same origin violation. Recommendations: For Firefox versions prior to 1.0.5, update to version 1.0.5 or later. For Mozilla versions prior to 1.7.9, update to version 1.7.9 or later.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 1.0.5 Mozilla versions prior to 1.7.9 Netscape versions 7.2 and 8.0.2 Description: The issue allows remote attackers to cause a denial of service, resulting in an access violation and crash, and possibly execute arbitrary code. This is achieved by calling `InstallVersion.compareTo` with an object instead of a string. Recommendations: For Firefox versions prior to 1.0.5, update to version 1.0.5 or later. For Mozilla versions prior to 1.7.9, update to version 1.7.9 or later. For Netscape versions 7.2 and 8.0.2, consider disabling the `InstallVersion.compareTo` function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 1.0.5 Mozilla versions prior to 1.7.9 Description: The issue allows a child frame to call methods such as `top.focus()` in a parent frame, even when the parent is in a different domain, violating the same origin policy. This enables remote attackers to steal sensitive information, including cookies and passwords, from websites whose child frames do not verify that they are in the same domain as their parents. Recommendations: For Firefox versions prior to 1.0.5, update to version 1.0.5 or later. For Mozilla versions prior to 1.7.9, update to version 1.7.9 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox version 1.0.3 Mozilla version 1.7.7 **Description** A regression error allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site. This issue is a re-introduction of a previously identified and addressed vulnerability. **Recommendations** For Firefox version 1.0.3, update to a version that addresses this regression error. For Mozilla version 1.7.7, update to a version that addresses this regression error. As a temporary workaround, consider restricting the use of framesets in Firefox and Mozilla until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 4.3.3 **Description** The issue is related to a buffer overflow in the `imap fetch overview` function within the IMAP functionality of PHP. This can be triggered by a long e-mail address in either the `To` or `From` header, potentially allowing remote attackers to cause a denial of service or possibly execute arbitrary code. **Recommendations** For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 4.3.1 **Description** The issue affects the IMAP functionality, allowing remote attackers to cause a denial of service. This can be achieved by sending an e-mail message with a To or From header containing an address with a large number of "" (backslash) characters. **Recommendations** For versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue.