Matt Brubeck

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 10.0 Firefox ESR versions 10.x before 10.0.3 Thunderbird versions 5.0 through 10.0 Thunderbird ESR versions 10.x before 10.0.3 SeaMonkey version before 2.8 **Description** The issue allows remote attackers to spoof the user interface via a crafted web page because the `window.fullScreen` object does not properly restrict write access. **Recommendations** For Mozilla Firefox versions 4.x through 10.0, update to a version after 10.0. For Firefox ESR versions 10.x before 10.0.3, update to version 10.0.3 or later. For Thunderbird versions 5.0 through 10.0, update to a version after 10.0. For Thunderbird ESR versions 10.x before 10.0.3, update to version 10.0.3 or later. For SeaMonkey version before 2.8, update to version 2.8 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 1.0.1 **Description** The issue allows remote attackers to steal potentially sensitive information via an input control that monitors the values generated by the autocomplete capability. **Recommendations** For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue.