Monarch2020

**Name of the Vulnerable Software and Affected Versions** libnspr4-0d versions (affected versions not specified) libmozjs-dev versions (affected versions not specified) libnspr4-0d-dbg versions (affected versions not specified) libmozjs1d-dbg versions (affected versions not specified) libmozjs1d versions (affected versions not specified) libnspr4-dev versions (affected versions not specified) libmozillainterfaces-java versions (affected versions not specified) Mozilla Firefox versions prior to 3.0.12 Thunderbird versions prior to 2.0.0.24 SeaMonkey versions prior to 1.1.19 **Description** The issue involves multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libnspr4-0d, libmozjs-dev, libnspr4-0d-dbg, libmozjs1d-dbg, libmozjs1d, libnspr4-dev, and libmozillainterfaces-java. These vulnerabilities can be exploited remotely, leading to a disruption in the confidentiality, integrity, and availability of protected information. Additionally, integer overflows in the PL Base64Decode and PL Base64Encode functions in Mozilla Firefox, Thunderbird, and SeaMonkey can cause a denial of service or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows. **Recommendations** For libnspr4-0d, consider disabling the vulnerable functions until a patch is available. For libmozjs-dev, restrict access to the vulnerable module to minimize the risk of exploitation. For libnspr4-0d-dbg, avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved. For libmozjs1d-dbg, consider disabling the vulnerable function until a patch is available. For libmozjs1d, restrict access to the vulnerable module to minimize the risk of exploitation. For libnspr4-dev, avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved. For libmozillainterfaces-java, consider disabling the vulnerable function until a patch is available. For Mozilla Firefox, update to version 3.0.12 or later. For Thunderbird, update to version 2.0.0.24 or later. For SeaMonkey, update to version 1.1.19 or later.