Michael Jordan

**Name of the Vulnerable Software and Affected Versions** ANGLE versions prior to the version used in Mozilla Firefox 7.0 Mozilla Firefox versions prior to 7.0 SeaMonkey versions prior to 2.4 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to an application crash, or possibly execute arbitrary code. This is achieved through vectors that trigger a memory-allocation error, resulting in a buffer overflow, due to the failure to validate the return value of a function call. **Recommendations** For ANGLE, update to a version used in or after Mozilla Firefox 7.0 to resolve the issue. For Mozilla Firefox, update to version 7.0 or later. For SeaMonkey, update to version 2.4 or later.

Name of the Vulnerable Software and Affected Versions: Outlook Web Access (OWA) for Exchange Server 2003 SP2 Description: The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields. Exploitation of this issue could lead to elevation of privilege on individual OWA clients connecting to Outlook Web Access for Exchange Server. An attacker would have to convince a user to open a specially crafted e-mail that would run malicious script from within an individual OWA client. If the malicious script is executed, it would run in the security context of the user’s OWA session and could perform any action the user could perform, such as reading, sending, and deleting e-mail as the logged-on user. Recommendations: As a temporary workaround, consider restricting access to e-mail fields that could be used to inject malicious scripts until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Outlook Web Access (OWA) for Exchange Server 2003 SP2 Description: The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML. Exploitation could lead to elevation of privilege on individual OWA clients, enabling actions such as reading, sending, and deleting email as the logged-on user. This can be achieved by convincing a user to open a specially crafted email that runs malicious script within an individual OWA client. Recommendations: For Outlook Web Access (OWA) for Exchange Server 2003 SP2, consider restricting access to potentially vulnerable HTML elements until a patch is available. As a temporary workaround, avoid using OWA to open suspicious or unsolicited emails.