Mariusz Mlynski

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 47.0.2526.73 Opera (affected versions not specified) **Description** The issue allows remote attackers to bypass the Same Origin Policy via unspecified vectors. This is a different issue than the one previously identified. **Recommendations** For Google Chrome versions prior to 47.0.2526.73, update to version 47.0.2526.73 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 45.0.2454.85 Opera (affected versions not specified) **Description** The issue is related to the DOM implementation in Blink, which allows remote attackers to bypass the Same Origin Policy. This is due to insufficient access restrictions to certain functions. The exploitation of this issue can enable a remote attacker to bypass existing access restrictions. **Recommendations** For Google Chrome versions prior to 45.0.2454.85, update to version 45.0.2454.85 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 43.0.2357.130 Opera (affected versions not specified) **Description** The issue is related to the bindings/scripts/v8 types.py file in Blink, which does not properly select a creation context for a return value's DOM wrapper. This allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, for example, by using a data: URL. The vulnerability can be exploited by a remote attacker to bypass access restrictions using JavaScript that utilizes the Blink API. **Recommendations** For Google Chrome versions prior to 43.0.2357.130, update to version 43.0.2357.130 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 36.0.4 Firefox ESR versions prior to 31.5.3 SeaMonkey versions prior to 2.33.1 **Description** The issue allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. **Recommendations** For Mozilla Firefox versions prior to 36.0.4, update to version 36.0.4 or later. For Firefox ESR versions prior to 31.5.3, update to version 31.5.3 or later. For SeaMonkey versions prior to 2.33.1, update to version 2.33.1 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 22.0 Firefox ESR 17.x versions prior to 17.0.7 Thunderbird versions prior to 17.0.7 Thunderbird ESR 17.x versions prior to 17.0.7 **Description** The issue allows remote attackers to execute arbitrary JavaScript code with chrome privileges or conduct cross-site scripting (XSS) attacks via a crafted web site, due to improper restriction of XBL user-defined functions in the System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations. **Recommendations** For Mozilla Firefox versions prior to 22.0, update to version 22.0 or later. For Firefox ESR 17.x versions prior to 17.0.7, update to version 17.0.7 or later. For Thunderbird versions prior to 17.0.7, update to version 17.0.7 or later. For Thunderbird ESR 17.x versions prior to 17.0.7, update to version 17.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 20.0 Firefox ESR versions prior to 17.0.5 Thunderbird versions prior to 17.0.5 Thunderbird ESR versions prior to 17.0.5 SeaMonkey versions prior to 2.17 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing, due to the incorrect handling of the address bar during history navigation. **Recommendations** For Mozilla Firefox versions prior to 20.0, update to version 20.0 or later. For Firefox ESR versions prior to 17.0.5, update to version 17.0.5 or later. For Thunderbird versions prior to 17.0.5, update to version 17.0.5 or later. For Thunderbird ESR versions prior to 17.0.5, update to version 17.0.5 or later. For SeaMonkey versions prior to 2.17, update to version 2.17 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 18.0 Firefox ESR versions 10.x prior to 10.0.12 and 17.x prior to 17.0.2 Thunderbird versions prior to 17.0.2 Thunderbird ESR versions 10.x prior to 10.0.12 and 17.x prior to 17.0.2 SeaMonkey versions prior to 2.15 **Description** The issue allows remote attackers to execute arbitrary JavaScript code with chrome privileges. This is achieved by leveraging improper interaction between plugin objects and SVG elements. **Recommendations** For Mozilla Firefox versions prior to 18.0, update to version 18.0 or later. For Firefox ESR versions 10.x prior to 10.0.12, update to version 10.0.12 or later. For Firefox ESR versions 17.x prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird ESR versions 10.x prior to 10.0.12, update to version 10.0.12 or later. For Thunderbird ESR versions 17.x prior to 17.0.2, update to version 17.0.2 or later. For SeaMonkey versions prior to 2.15, update to version 2.15 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 18.0 Firefox ESR versions prior to 17.0.2 Thunderbird versions prior to 17.0.2 Thunderbird ESR versions prior to 17.0.2 SeaMonkey versions prior to 2.15 **Description** The issue allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing `Object.prototype. proto ` in a crafted HTML document. This is due to the Chrome Object Wrapper (COW) implementation not preventing modifications to the prototype of an object. **Recommendations** For Mozilla Firefox versions prior to 18.0, update to version 18.0 or later. For Firefox ESR versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird ESR versions prior to 17.0.2, update to version 17.0.2 or later. For SeaMonkey versions prior to 2.15, update to version 2.15 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 17.0 Firefox ESR versions prior to 10.0.11 Thunderbird versions prior to 17.0 Thunderbird ESR versions prior to 10.0.11 SeaMonkey versions prior to 2.14 **Description** The issue makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin, due to the failure to prevent use of a "top" frame name-attribute value to access the location property. **Recommendations** For Mozilla Firefox versions prior to 17.0, update to version 17.0 or later. For Firefox ESR versions prior to 10.0.11, update to version 10.0.11 or later. For Thunderbird versions prior to 17.0, update to version 17.0 or later. For Thunderbird ESR versions prior to 10.0.11, update to version 10.0.11 or later. For SeaMonkey versions prior to 2.14, update to version 2.14 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 17.0 Mozilla Firefox ESR versions prior to 10.0.11 **Description** The issue allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet, due to the improper restriction of the context of HTML markup and Cascading Style Sheets (CSS) token sequences by the Style Inspector. **Recommendations** For Mozilla Firefox versions prior to 17.0, update to version 17.0 or later. For Mozilla Firefox ESR versions prior to 10.0.11, update to version 10.0.11 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 16.0.2 Firefox ESR versions prior to 10.0.10 Thunderbird versions prior to 16.0.2 Thunderbird ESR versions prior to 10.0.10 SeaMonkey versions prior to 2.13.2 **Description** The issue makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin, as the `valueOf` method can be used to shadow the `window.location` object. **Recommendations** For Mozilla Firefox versions prior to 16.0.2, update to version 16.0.2 or later. For Firefox ESR versions prior to 10.0.10, update to version 10.0.10 or later. For Thunderbird versions prior to 16.0.2, update to version 16.0.2 or later. For Thunderbird ESR versions prior to 10.0.10, update to version 10.0.10 or later. For SeaMonkey versions prior to 2.13.2, update to version 2.13.2 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 16.0 Firefox ESR versions prior to 10.0.8 Thunderbird versions prior to 16.0 Thunderbird ESR versions prior to 10.0.8 SeaMonkey versions prior to 2.13 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin. This is achieved by using `Object.defineProperty` to shadow the top object and leveraging the relationship between `top.location` and the `location` property. **Recommendations** For Mozilla Firefox versions prior to 16.0, update to version 16.0 or later. For Firefox ESR versions prior to 10.0.8, update to version 10.0.8 or later. For Thunderbird versions prior to 16.0, update to version 16.0 or later. For Thunderbird ESR versions prior to 10.0.8, update to version 10.0.8 or later. For SeaMonkey versions prior to 2.13, update to version 2.13 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 16.0 Firefox ESR versions prior to 10.0.8 Thunderbird versions prior to 16.0 Thunderbird ESR versions prior to 10.0.8 SeaMonkey versions prior to 2.13 **Description** The issue is related to the Chrome Object Wrapper (COW) implementation, which does not properly handle failures of InstallTrigger methods. This allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. **Recommendations** For Mozilla Firefox versions prior to 16.0, update to version 16.0 or later. For Firefox ESR versions prior to 10.0.8, update to version 10.0.8 or later. For Thunderbird versions prior to 16.0, update to version 16.0 or later. For Thunderbird ESR versions prior to 10.0.8, update to version 10.0.8 or later. For SeaMonkey versions prior to 2.13, update to version 2.13 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 16.0 Firefox ESR versions prior to 10.0.8 Thunderbird versions prior to 16.0 Thunderbird ESR versions prior to 10.0.8 SeaMonkey versions prior to 2.13 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content. This is achieved through vectors involving a `location.hash` write operation and history navigation that triggers the loading of a URL into the history object. **Recommendations** For Mozilla Firefox versions prior to 16.0, update to version 16.0 or later. For Firefox ESR versions prior to 10.0.8, update to version 10.0.8 or later. For Thunderbird versions prior to 16.0, update to version 16.0 or later. For Thunderbird ESR versions prior to 10.0.8, update to version 10.0.8 or later. For SeaMonkey versions prior to 2.13, update to version 2.13 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 15.0 Thunderbird versions prior to 15.0 SeaMonkey versions prior to 2.12 **Description** The issue makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin, by not preventing the use of the Object.defineProperty method to shadow the `window.location` object. **Recommendations** For Mozilla Firefox versions prior to 15.0, update to version 15.0 or later. For Thunderbird versions prior to 15.0, update to version 15.0 or later. For SeaMonkey versions prior to 2.12, update to version 2.12 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 15.0 **Description** The issue allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. This occurs when a new tab and then a new window are created, triggering improper navigation to the about:newtab page. **Recommendations** For versions prior to 15.0, update to version 15.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 13.0 Firefox ESR versions 10.x before 10.0.6 Thunderbird versions 5.0 through 13.0 Thunderbird ESR versions 10.x before 10.0.6 SeaMonkey versions prior to 2.11 **Description** The issue allows remote attackers to spoof the address bar via vectors involving `history.forward` and `history.back` calls. **Recommendations** For Mozilla Firefox versions 4.x through 13.0, update to a version after 13.0. For Firefox ESR versions 10.x before 10.0.6, update to version 10.0.6 or later. For Thunderbird versions 5.0 through 13.0, update to a version after 13.0. For Thunderbird ESR versions 10.x before 10.0.6, update to version 10.0.6 or later. For SeaMonkey versions prior to 2.11, update to version 2.11 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.6.23 Mozilla Firefox versions 4.x through 6 Thunderbird versions prior to 7.0 SeaMonkey versions prior to 2.4 **Description** The issue allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site, due to the failure to prevent the starting of a download in response to the holding of the Enter key. **Recommendations** For Mozilla Firefox versions prior to 3.6.23, update to version 3.6.23 or later. For Mozilla Firefox versions 4.x through 6, update to a version later than 6. For Thunderbird versions prior to 7.0, update to version 7.0 or later. For SeaMonkey versions prior to 2.4, update to version 2.4 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 6 Thunderbird versions prior to 7.0 SeaMonkey versions prior to 2.4 **Description** The issue allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. This occurs because the software does not prevent manual add-on installation when the Enter key is held, triggering an unspecified internal error. **Recommendations** For Mozilla Firefox versions 4.x through 6, update to a version outside of this range to resolve the issue. For Thunderbird versions prior to 7.0, update to version 7.0 or later. For SeaMonkey versions prior to 2.4, update to version 2.4 or later.