Sync2D

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 2.0.0.4 Description: A directory traversal issue allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a "resource:// URI". Recommendations: For versions prior to 2.0.0.4, update to version 2.0.0.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 1.5.0.8 Thunderbird versions prior to 1.5.0.8 SeaMonkey versions prior to 1.0.6 **Description** The issue allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing. **Recommendations** For Mozilla Firefox versions prior to 1.5.0.8, update to version 1.5.0.8 or later. For Thunderbird versions prior to 1.5.0.8, update to version 1.5.0.8 or later. For SeaMonkey versions prior to 1.0.6, update to version 1.0.6 or later.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 1.5.0.8 Thunderbird versions prior to 1.5.0.8 SeaMonkey versions prior to 1.0.6 Description: The issue allows remote attackers to execute arbitrary code via the `XML.prototype.hasOwnProperty` JavaScript function. Recommendations: For Mozilla Firefox versions prior to 1.5.0.8, update to version 1.5.0.8 or later. For Thunderbird versions prior to 1.5.0.8, update to version 1.5.0.8 or later. For SeaMonkey versions prior to 1.0.6, update to version 1.0.6 or later.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 1.0.x through 1.0.7 Mozilla Firefox versions 1.x through 1.4 Mozilla Thunderbird versions 1.0.x through 1.0.7 Mozilla Thunderbird versions 1.x through 1.4 Mozilla Suite versions prior to 1.7.13 SeaMonkey versions prior to 1.0 Description: The issue allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the `window.controllers` array. Recommendations: For Mozilla Firefox versions 1.0.x through 1.0.7, update to version 1.0.8 or later. For Mozilla Firefox versions 1.x through 1.4, update to version 1.5 or later. For Mozilla Thunderbird versions 1.0.x through 1.0.7, update to version 1.0.8 or later. For Mozilla Thunderbird versions 1.x through 1.4, update to version 1.5 or later. For Mozilla Suite versions prior to 1.7.13, update to version 1.7.13 or later. For SeaMonkey versions prior to 1.0, update to version 1.0 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 1.0.3 Mozilla Suite versions prior to 1.7.7 **Description** The issue allows remote attackers to execute arbitrary script in other domains via a setter function for a `variable` in the target domain. This is executed when the user visits that domain, and is related to "Cross-site scripting through global scope pollution." **Recommendations** For Firefox versions prior to 1.0.3, update to version 1.0.3 or later. For Mozilla Suite versions prior to 1.7.7, update to version 1.7.7 or later.

**Name of the Vulnerable Software and Affected Versions** libnspr4 versions (affected versions not specified) libnss3 versions (affected versions not specified) Mozilla Firefox versions prior to 1.5.0.7 SeaMonkey versions prior to 1.0.5 libnspr-dev versions (affected versions not specified) libnss-dev versions (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libnspr4, libnss3, libnspr-dev, and libnss-dev. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Additionally, a security bypass vulnerability in Mozilla Firefox and SeaMonkey allows remote attackers to inject content into the sub-frame of another site, facilitating spoofing and other attacks. This can be achieved via `targetWindow.frames[n].document.open()`, which enables attackers to bypass the security model. **Recommendations** For libnspr4, consider updating to a version that addresses the vulnerabilities, although the specific version is not specified. For libnss3, consider updating to a version that addresses the vulnerabilities, although the specific version is not specified. For Mozilla Firefox versions prior to 1.5.0.7, update to version 1.5.0.7 or later to resolve the security bypass issue. For SeaMonkey versions prior to 1.0.5, update to version 1.0.5 or later to resolve the security bypass issue. For libnspr-dev, consider updating to a version that addresses the vulnerabilities, although the specific version is not specified. For libnss-dev, consider updating to a version that addresses the vulnerabilities, although the specific version is not specified. As a temporary workaround for the security bypass vulnerability in Mozilla Firefox and SeaMonkey, consider restricting the use of the `targetWindow.frames[n].document.open()` method until a patch is available.