Smichaud

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 34.0 Firefox ESR versions prior to 31.3 Thunderbird versions prior to 31.3 **Description** The issue allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information, due to the omission of a CoreGraphics disable-logging action needed by jemalloc-based applications. **Recommendations** For Mozilla Firefox versions prior to 34.0, update to version 34.0 or later. For Firefox ESR versions prior to 31.3, update to version 31.3 or later. For Thunderbird versions prior to 31.3, update to version 31.3 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.16 Mozilla Firefox versions 3.6.x prior to 3.6.13 SeaMonkey versions prior to 2.0.11 **Description** The issue arises from improper handling of certain redirections involving data: URLs and Java LiveConnect scripts. This allows remote attackers to start processes, read arbitrary local files, and establish network connections. The attack vector involves a refresh value in the http-equiv attribute of a META element, causing the wrong security principal to be used. **Recommendations** For Mozilla Firefox versions prior to 3.5.16, update to version 3.5.16 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.13, update to version 3.6.13 or later. For SeaMonkey versions prior to 2.0.11, update to version 2.0.11 or later.