Posidron

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 25.0 Firefox ESR versions 17.x prior to 17.0.10 and 24.x prior to 24.1 Thunderbird versions prior to 24.1 Thunderbird ESR versions 17.x prior to 17.0.10 SeaMonkey versions prior to 2.22 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 25.0, update to version 25.0 or later. For Firefox ESR versions 17.x prior to 17.0.10, update to version 17.0.10 or later. For Firefox ESR versions 24.x prior to 24.1, update to version 24.1 or later. For Thunderbird versions prior to 24.1, update to version 24.1 or later. For Thunderbird ESR versions 17.x prior to 17.0.10, update to version 17.0.10 or later. For SeaMonkey versions prior to 2.22, update to version 2.22 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 18.0 Firefox ESR versions 17.x prior to 17.0.1 Thunderbird versions prior to 17.0.2 Thunderbird ESR versions 17.x prior to 17.0.1 SeaMonkey versions prior to 2.15 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 18.0, update to version 18.0 or later. For Firefox ESR versions 17.x prior to 17.0.1, update to version 17.0.1 or later. For Thunderbird versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird ESR versions 17.x prior to 17.0.1, update to version 17.0.1 or later. For SeaMonkey versions prior to 2.15, update to version 2.15 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 15.0 Thunderbird versions prior to 15.0 SeaMonkey versions prior to 2.12 Summer Institute of Linguistics (SIL) Graphite 2 (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption. This is related to the `Silf::readClassMap` and `Pass::readPass` functions. **Recommendations** For Mozilla Firefox versions prior to 15.0, update to version 15.0 or later. For Thunderbird versions prior to 15.0, update to version 15.0 or later. For SeaMonkey versions prior to 2.12, update to version 2.12 or later. As a temporary workaround, consider disabling the `Silf::readClassMap` and `Pass::readPass` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 18.0.1025.168 Mozilla Firefox versions prior to 38.0 **Description** The Inter-process Communication (IPC) implementation does not properly validate messages, which has unspecified impact and attack vectors. **Recommendations** For Google Chrome versions prior to 18.0.1025.168, update to version 18.0.1025.168 or later. For Mozilla Firefox versions prior to 38.0, update to version 38.0 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 4.0.1 **Description** The issue is related to the WebGL implementation, which does not properly restrict write operations. This allows remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash, via unspecified vectors. **Recommendations** For Mozilla Firefox versions 4.x through 4.0.1, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** WinRAR versions prior to 3.60 beta 8 **Description** A stack-based buffer overflow issue exists in the SFX module of WinRAR, allowing an attacker to cause a stack overflow with a specially crafted file. This results in a loss of integrity. The issue occurs when WinRAR fails to properly process archive comments during file extraction. **Recommendations** For versions prior to 3.60 beta 8, update to version 3.60 beta 8 or later to resolve the issue. As a temporary workaround, consider avoiding the extraction of files with potentially malicious archive comments until a patch is applied. Restrict access to the SFX module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Python versions 2.4.2 and earlier Description: A stack-based buffer overflow issue allows local users to cause a stack overflow, and possibly gain privileges, by running a script from a current working directory with a long name. This is related to the `realpath` function. The impact of this issue might be limited due to the potential need for the attacker to already have certain privileges to place an exploitable program in a directory with a long name. However, setuid applications might be affected, depending on how Python determines the current working directory. Recommendations: For Python versions 2.4.2 and earlier, consider updating to a newer version to mitigate the risk, although the exact fix version is not specified. As a temporary workaround, consider avoiding the use of long names for directories from which scripts are run, to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Microsoft Office versions 2000 through 2003 Description: A remote code execution issue exists in Microsoft Office, allowing attackers to execute arbitrary code via multiple attack vectors. This can be achieved by constructing a specially crafted Office file with a malformed string, which could be included in an email attachment or hosted on a malicious website. The issue can be triggered in various Office applications, including Excel, Word, and PowerPoint, potentially causing access violations. An attacker could exploit this issue by parsing the malformed string in an affected Office application, leading to remote code execution. Recommendations: For Microsoft Office versions 2000 through 2003, update to a newer version that contains a fix for this issue to prevent remote code execution. As a temporary workaround, consider avoiding the use of malformed strings in Office files and restricting access to potentially malicious email attachments or websites.

**Name of the Vulnerable Software and Affected Versions** Qualcomm WorldMail version 3.0 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character. This can be achieved using various IMAP commands, including "LIST", "LSUB", "SEARCH TEXT", "STATUS INBOX", "AUTHENTICATE", "FETCH", "SELECT", and "COPY". **Recommendations** For Qualcomm WorldMail version 3.0, consider restricting the length of IMAP commands to prevent buffer overflow exploitation until a patch is available. As a temporary workaround, limit the use of IMAP commands that could be used to trigger the overflow, such as avoiding the use of long commands that end with a "}" character. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Twilight Webserver version 1.3.3.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash. This can be achieved via a GET request for a long URI. **Recommendations** For Twilight Webserver version 1.3.3.0, consider restricting the length of URIs that can be processed by the server as a temporary workaround until a patch is available.