Vulnerable.Zappa

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.16 Mozilla Firefox versions 3.6.x prior to 3.6.13 SeaMonkey versions prior to 2.0.11 **Description** The issue is related to the improper handling of injection of an ISINDEX element into an about:blank page. This allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI. **Recommendations** For Mozilla Firefox versions prior to 3.5.16, update to version 3.5.16 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.13, update to version 3.6.13 or later. For SeaMonkey versions prior to 2.0.11, update to version 2.0.11 or later.