Yosuke Hasegawa

**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions 9 through 11 **Description** The issue is related to insufficient access restrictions in Internet Explorer, allowing a remote attacker to bypass existing access restriction policies. This can be exploited to bypass the Same Origin Policy via unspecified vectors. **Recommendations** For Internet Explorer versions 9 through 11, apply the necessary security updates to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 8 **Description** An information disclosure issue exists, allowing remote attackers to perform cross-domain reading of JSON files via a crafted web site. This could enable an attacker to gain access and read the contents of JSON data files. **Recommendations** For Microsoft Internet Explorer versions 6 through 8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 9 **Description** The issue allows remote attackers to read content from a different domain or zone via a crafted web site. An information disclosure vulnerability exists that could allow an attacker to force the browser to perform unexpected actions when a user downloads Web content, allowing an attacker to view content from a different domain or Internet Explorer zone other than the domain or zone of the attacker's Web page. **Recommendations** For Microsoft Internet Explorer versions 6 through 9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sage add-on versions 1.3.10 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted feed. **Recommendations** For Sage add-on versions 1.3.10 and earlier, update to a version later than 1.3.10 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Search Appliance versions prior to 5.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via unspecified vectors, potentially leading to the execution of malicious code on the client-side. **Recommendations** For versions prior to 5.0, update to version 5.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 8 **Description** The issue allows remote attackers to access content from a different domain or zone via unspecified script code. An information disclosure vulnerability exists that could allow script to gain access to information in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page, potentially viewing content from another domain or Internet Explorer zone. **Recommendations** For Microsoft Internet Explorer versions 6 through 8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.5.x through 3.5.10 Mozilla Firefox versions 3.6.x through 3.6.6 Thunderbird versions 3.0.x through 3.0.5 Thunderbird versions 3.1.x through 3.1.0 SeaMonkey versions prior to 2.0.6 **Description** The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document, due to the importScripts Web Worker method not verifying that content is valid JavaScript code. **Recommendations** For Mozilla Firefox versions 3.5.x through 3.5.10, update to version 3.5.11 or later. For Mozilla Firefox versions 3.6.x through 3.6.6, update to version 3.6.7 or later. For Thunderbird versions 3.0.x through 3.0.5, update to version 3.0.6 or later. For Thunderbird versions 3.1.x through 3.1.0, update to version 3.1.1 or later. For SeaMonkey versions prior to 2.0.6, update to version 2.0.6 or later.

**Name of the Vulnerable Software and Affected Versions** SquirrelMail versions 1.4.0 through 1.4.9a **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the HTML filter. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved via the data: URI in an HTML e-mail attachment or through various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. **Recommendations** For SquirrelMail versions 1.4.0 through 1.4.9a, update to a version that includes a fix for the HTML filter vulnerabilities to prevent XSS attacks.