Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT elements menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 16.0 (excluding) |
| Seamonkey | Mozilla | * | 2.13 (excluding) |
| Thunderbird | Mozilla | * | 16.0 (excluding) |
| Firefox | Ubuntu | devel | * |
| Firefox | Ubuntu | hardy | * |
| Firefox | Ubuntu | lucid | * |
| Firefox | Ubuntu | natty | * |
| Firefox | Ubuntu | oneiric | * |
| Firefox | Ubuntu | precise | * |
| Firefox | Ubuntu | quantal | * |
| Firefox | Ubuntu | raring | * |
| Firefox | Ubuntu | saucy | * |
| Firefox | Ubuntu | upstream | * |
| Seamonkey | Ubuntu | hardy | * |
| Seamonkey | Ubuntu | lucid | * |
| Seamonkey | Ubuntu | natty | * |
| Seamonkey | Ubuntu | oneiric | * |
| Seamonkey | Ubuntu | upstream | * |
| Thunderbird | Ubuntu | devel | * |
| Thunderbird | Ubuntu | hardy | * |
| Thunderbird | Ubuntu | lucid | * |
| Thunderbird | Ubuntu | natty | * |
| Thunderbird | Ubuntu | oneiric | * |
| Thunderbird | Ubuntu | precise | * |
| Thunderbird | Ubuntu | quantal | * |
| Thunderbird | Ubuntu | raring | * |
| Thunderbird | Ubuntu | saucy | * |
| Thunderbird | Ubuntu | upstream | * |
| Xulrunner-1.9.2 | Ubuntu | hardy | * |
| Xulrunner-1.9.2 | Ubuntu | lucid | * |
| Xulrunner-1.9.2 | Ubuntu | natty | * |