Shutdown

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 2.0.0.12 Thunderbird versions prior to 2.0.0.12 SeaMonkey versions prior to 1.1.8 **Description** The issue allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via certain vectors, including large switch statements, specific uses of `watch` and `eval`, and certain uses of the `mousedown` event listener. **Recommendations** For Mozilla Firefox versions prior to 2.0.0.12, update to version 2.0.0.12 or later. For Thunderbird versions prior to 2.0.0.12, update to version 2.0.0.12 or later. For SeaMonkey versions prior to 1.1.8, update to version 1.1.8 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 1.5.0.10 Mozilla Firefox versions 2.x prior to 2.0.0.2 Thunderbird versions prior to 1.5.0.10 SeaMonkey versions prior to 1.0.8 **Description** The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption in the JavaScript engine. **Recommendations** For Mozilla Firefox versions prior to 1.5.0.10, update to version 1.5.0.10 or later. For Mozilla Firefox versions 2.x prior to 2.0.0.2, update to version 2.0.0.2 or later. For Thunderbird versions prior to 1.5.0.10, update to version 1.5.0.10 or later. For SeaMonkey versions prior to 1.0.8, update to version 1.0.8 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 1.5.x through 1.5.0.8 Mozilla Firefox versions 2.x through 2.0.0.0 Thunderbird versions 1.5.x through 1.5.0.8 SeaMonkey versions 1.0.x through 1.0.6 **Description** The issue allows remote attackers to gain privileges and install malicious code. This is achieved via the `watch` Javascript function. **Recommendations** For Mozilla Firefox versions 1.5.x through 1.5.0.8, update to version 1.5.0.9 or later. For Mozilla Firefox versions 2.x through 2.0.0.0, update to version 2.0.0.1 or later. For Thunderbird versions 1.5.x through 1.5.0.8, update to version 1.5.0.9 or later. For SeaMonkey versions 1.0.x through 1.0.6, update to version 1.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 1.5.0.7 **Description** The issue in Mozilla Firefox allows remote user-assisted attackers to potentially conduct cross-site scripting (XSS) attacks due to the popup blocker opening the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated. **Recommendations** For versions prior to 1.5.0.7, update to version 1.5.0.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 1.5.0.5 Thunderbird versions prior to 1.5.0.5 SeaMonkey versions prior to 1.0.3 **Description** The issue is related to the Javascript engine, which might allow remote attackers to execute arbitrary code. This is due to vectors involving garbage collection that causes deletion of a temporary object that is still being used. **Recommendations** For Mozilla Firefox versions prior to 1.5.0.5, update to version 1.5.0.5 or later. For Thunderbird versions prior to 1.5.0.5, update to version 1.5.0.5 or later. For SeaMonkey versions prior to 1.0.3, update to version 1.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 1.5 through 1.5.0.4 Thunderbird versions 1.5 through 1.5.0.4 SeaMonkey versions 1.0 through 1.0.2 **Description** The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events. This occurs because a timer object is deleted in a way that triggers memory corruption. **Recommendations** For Mozilla Firefox versions 1.5 through 1.5.0.4, update to version 1.5.0.5 or later. For Thunderbird versions 1.5 through 1.5.0.4, update to version 1.5.0.5 or later. For SeaMonkey versions 1.0 through 1.0.2, update to version 1.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 1.5.0.5 Thunderbird versions prior to 1.5.0.5 SeaMonkey versions prior to 1.0.3 **Description** The issue allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges, which could lead to the execution of code or the obtaining of sensitive data by reading into a privileged context. **Recommendations** For Mozilla Firefox versions prior to 1.5.0.5, update to version 1.5.0.5 or later. For Thunderbird versions prior to 1.5.0.5, update to version 1.5.0.5 or later. For SeaMonkey versions prior to 1.0.3, update to version 1.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 1.5 through 1.5.0.4 Mozilla Thunderbird versions 1.5 through 1.5.0.4 SeaMonkey versions 1.0 through 1.0.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct. This could potentially lead to unauthorized actions on a user's session. **Recommendations** For Mozilla Firefox versions 1.5 through 1.5.0.4, update to version 1.5.0.5 or later. For Mozilla Thunderbird versions 1.5 through 1.5.0.4, update to version 1.5.0.5 or later. For SeaMonkey versions 1.0 through 1.0.2, update to version 1.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 1.5.0.5 Thunderbird versions prior to 1.5.0.5 SeaMonkey versions prior to 1.0.3 **Description** The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption. This includes problems with `nsListControlFrame::FireMenuItemActiveEvent`, buffer overflows in the string class in out-of-memory conditions, table row and column groups, anonymous box selectors outside of UA stylesheets, stale references to removed nodes, and running the `crypto.generateCRMFRequest` callback on deleted context. **Recommendations** For Mozilla Firefox versions prior to 1.5.0.5, update to version 1.5.0.5 or later. For Thunderbird versions prior to 1.5.0.5, update to version 1.5.0.5 or later. For SeaMonkey versions prior to 1.0.3, update to version 1.0.3 or later.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 1.x before 1.5 Mozilla Thunderbird versions 1.x before 1.5 Mozilla Thunderbird versions 1.0.x before 1.0.8 Mozilla Suite versions prior to 1.7.13 SeaMonkey versions prior to 1.0 Description: The issue allows remote attackers to execute arbitrary code by exploiting the improper protection of the compilation scope of privileged built-in XBL bindings. This can be achieved via the `valueOf.call` or `valueOf.apply` methods of an XBL binding, or by inserting an XBL method into the DOM's `document.body` prototype chain. Recommendations: For Mozilla Firefox versions 1.x before 1.5, update to version 1.5 or later. For Mozilla Thunderbird versions 1.x before 1.5, update to version 1.5 or later. For Mozilla Thunderbird versions 1.0.x before 1.0.8, update to version 1.0.8 or later. For Mozilla Suite versions prior to 1.7.13, update to version 1.7.13 or later. For SeaMonkey versions prior to 1.0, update to version 1.0 or later.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 1.0.x through 1.5.0.1 Mozilla Thunderbird versions 1.0.x through 1.5.0.1 Mozilla Suite versions prior to 1.7.13 SeaMonkey versions prior to 1.0.1 Description: The issue allows remote attackers to execute arbitrary code via unknown vectors related to the `crypto.generateCRMFRequest` method. Recommendations: For Mozilla Firefox versions 1.0.x through 1.5.0.1, update to version 1.5.0.2 or later. For Mozilla Thunderbird versions 1.0.x through 1.5.0.1, update to version 1.5.0.2 or later. For Mozilla Suite versions prior to 1.7.13, update to version 1.7.13 or later. For SeaMonkey versions prior to 1.0.1, update to version 1.0.1 or later.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 1.x before 1.5 Mozilla Firefox versions 1.0.x before 1.0.8 Mozilla Suite versions prior to 1.7.13 SeaMonkey versions prior to 1.0 Description: The issue allows remote attackers to inject arbitrary Javascript into other sites. This can be achieved by using a modal alert to suspend an event handler while a new page is being loaded, utilizing `eval()`, or using certain variants involving `new Script;` and `window. proto ` to extend `eval()`. Recommendations: For Mozilla Firefox versions 1.x before 1.5, update to version 1.5 or later. For Mozilla Firefox versions 1.0.x before 1.0.8, update to version 1.0.8 or later. For Mozilla Suite versions prior to 1.7.13, update to version 1.7.13 or later. For SeaMonkey versions prior to 1.0, update to version 1.0 or later.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 1.x before 1.5 Mozilla Thunderbird versions 1.x before 1.5 Mozilla Thunderbird versions 1.0.x before 1.0.8 Mozilla Suite versions prior to 1.7.13 SeaMonkey versions prior to 1.0 Description: The issue allows remote attackers to execute arbitrary code by using an eval in an XBL method binding to create Javascript functions that are compiled with extra privileges. This is achieved through `XBL.method.eval`, enabling the creation of Javascript functions with elevated privileges. Recommendations: For Mozilla Firefox versions 1.x before 1.5, update to version 1.5 or later. For Mozilla Thunderbird versions 1.x before 1.5, update to version 1.5 or later. For Mozilla Thunderbird versions 1.0.x before 1.0.8, update to version 1.0.8 or later. For Mozilla Suite versions prior to 1.7.13, update to version 1.7.13 or later. For SeaMonkey versions prior to 1.0, update to version 1.0 or later.

Name of the Vulnerable Software and Affected Versions: Firefox versions 1.5 through 1.5.0.1 Thunderbird versions 1.5 through 1.5.0.1 SeaMonkey versions prior to 1.0.1 Description: The issue allows remote attackers to bypass the js ValueToFunctionObject check and execute arbitrary code via unknown vectors involving `setTimeout` and Firefox' ForEach method. Recommendations: For Firefox versions 1.5 through 1.5.0.1, update to version 1.5.0.2 or later. For Thunderbird versions 1.5 through 1.5.0.1, update to version 1.5.0.2 or later. For SeaMonkey versions prior to 1.0.1, update to version 1.0.1 or later.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 1.x before 1.5 Mozilla Thunderbird versions 1.x before 1.5 Mozilla Thunderbird versions 1.0.x before 1.0.8 Mozilla Suite versions prior to 1.7.13 SeaMonkey versions prior to 1.0 Description: The issue allows remote attackers to execute arbitrary code by utilizing the Object.watch method to access the internal function. Recommendations: For Mozilla Firefox versions 1.x before 1.5, update to version 1.5 or later. For Mozilla Thunderbird versions 1.x before 1.5, update to version 1.5 or later. For Mozilla Thunderbird versions 1.0.x before 1.0.8, update to version 1.0.8 or later. For Mozilla Suite versions prior to 1.7.13, update to version 1.7.13 or later. For SeaMonkey versions prior to 1.0, update to version 1.0 or later.