Priit Laes

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 1.5.0.7 Thunderbird versions prior to 1.5.0.7 SeaMonkey versions prior to 1.0.5 libnspr4 (affected versions not specified) libnss3 (affected versions not specified) libnspr-dev (affected versions not specified) libnss-dev (affected versions not specified) **Description** The issue involves multiple vulnerabilities in various software packages, including libnspr4, libnss3, libnspr-dev, and libnss-dev, in the Debian GNU/Linux operating system. These vulnerabilities can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. A specific vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier." **Recommendations** For Mozilla Firefox versions prior to 1.5.0.7, update to version 1.5.0.7 or later. For Thunderbird versions prior to 1.5.0.7, update to version 1.5.0.7 or later. For SeaMonkey versions prior to 1.0.5, update to version 1.0.5 or later. For libnspr4, libnss3, libnspr-dev, and libnss-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability.