<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=ProgId content=Word.Document><meta name=Generator content="Microsoft Word 14"><meta name=Originator content="Microsoft Word 14"><link rel=File-List href="cid:filelist.xml@01CD43EC.A62221D0"><!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:TrackMoves/>
<w:TrackFormatting/>
<w:EnvelopeVis/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>EN-US</w:LidThemeOther>
<w:LidThemeAsian>X-NONE</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:DoNotExpandShiftReturn/>
<w:BreakWrappedTables/>
<w:SplitPgBreakAndParaMark/>
<w:EnableOpenTypeKerning/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true" DefSemiHidden="true" DefQFormat="false" DefPriority="99" LatentStyleCount="267">
<w:LsdException Locked="false" Priority="0" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" Priority="39" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" Name="toc 9"/>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" Priority="10" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" Priority="11" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" Priority="22" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" Priority="59" SemiHidden="false" UnhideWhenUsed="false" Name="Table Grid"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:-520092929 1073786111 9 0 415 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:-520081665 -1073717157 41 0 66047 0;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;
mso-font-charset:0;
mso-generic-font-family:modern;
mso-font-pitch:fixed;
mso-font-signature:-520092929 1073806591 9 0 415 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;}
a:link, span.MsoHyperlink
{mso-style-noshow:yes;
mso-style-priority:99;
color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-noshow:yes;
mso-style-priority:99;
color:purple;
text-decoration:underline;
text-underline:single;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-noshow:yes;
mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.5pt;
font-family:Consolas;
mso-fareast-font-family:Calibri;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-noshow:yes;
mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-font-family:Calibri;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
mso-style-unhide:no;
mso-style-qformat:yes;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
{mso-style-priority:34;
mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
{mso-style-priority:34;
mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
{mso-style-priority:34;
mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-unhide:no;
mso-style-locked:yes;
mso-style-link:"Plain Text";
font-family:Consolas;
mso-ascii-font-family:Consolas;
mso-hansi-font-family:Consolas;
mso-bidi-font-family:Consolas;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-unhide:no;
mso-style-locked:yes;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
mso-ascii-font-family:Tahoma;
mso-hansi-font-family:Tahoma;
mso-bidi-font-family:Tahoma;}
span.EmailStyle22
{mso-style-type:personal;
mso-style-noshow:yes;
mso-style-unhide:no;
font-family:"Arial","sans-serif";
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
font-weight:bold;}
span.apple-style-span
{mso-style-name:apple-style-span;
mso-style-unhide:no;}
span.EmailStyle24
{mso-style-type:personal;
mso-style-noshow:yes;
mso-style-unhide:no;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-hansi-font-family:Calibri;
mso-bidi-font-family:Calibri;
color:#1F497D;}
span.EmailStyle25
{mso-style-type:personal;
mso-style-noshow:yes;
mso-style-unhide:no;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-hansi-font-family:Calibri;
mso-bidi-font-family:Calibri;
color:#1F497D;}
span.EmailStyle26
{mso-style-type:personal;
mso-style-noshow:yes;
mso-style-unhide:no;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-hansi-font-family:Calibri;
mso-bidi-font-family:Calibri;
color:#1F497D;}
span.EmailStyle27
{mso-style-type:personal-reply;
mso-style-noshow:yes;
mso-style-unhide:no;
mso-ansi-font-size:11.0pt;
mso-bidi-font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-fareast-font-family:Calibri;
mso-hansi-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
mso-default-props:yes;
font-size:10.0pt;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:531577089;
mso-list-template-ids:860800374;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1
{mso-list-id:1731729094;
mso-list-template-ids:-961004960;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2
{mso-list-id:1894805656;
mso-list-template-ids:-1322639378;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3
{mso-list-id:2086755043;
mso-list-template-ids:70791374;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 10]><style>/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
</style><![endif]--><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple style='tab-interval:.5in'><div class=WordSection1><p class=MsoNormal style='mso-outline-level:1'><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><br><b><span style='font-weight:bold'>Subject:</span></b> SIPC Advisory - Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution - Updated<br><b><span style='font-weight:bold'>Importance:</span></b> High<o:p></o:p></span></font></p><p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'><o:p> </o:p></span></font></p><p class=MsoPlainText><b><font size=2 face=Arial><span style='font-size:10.5pt;font-family:"Arial","sans-serif";font-weight:bold'>STATE INFRASTRUCTURE PROTECTION CENTER(SIPC)/MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER CYBER SECURITY ADVISORY<o:p></o:p></span></font></b></p><p class=MsoPlainText><b><font size=2 color="#1f497d" face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D;font-weight:bold'><o:p> </o:p></span></font></b></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>MS-ISAC ADVISORY NUMBER:</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>2012-037 - Updated</span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'> </span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>DATE(S) ISSUED:</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>6/5/2012</span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>6/6/2012 - UPDATED</span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'> </span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>SUBJECT:</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution</span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'> </span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>ORIGINAL OVERVIEW:</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey applications, which could allow remote code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Thunderbird is an email client. Mozilla SeaMonkey is a cross platform Internet suite of tools ranging from a web browser to an email client. Successful exploitation of these vulnerabilities could result in either an attacker gaining the same privileges as the logged on user, or gaining session authentication credentials. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.</span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'> </span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>SYSTEMS AFFECTED:</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><ul style='margin-top:0in' type=disc><li class=MsoNormal style='color:black;mso-list:l3 level1 lfo1;tab-stops:list .5in'><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'>Firefox versions prior to 13.0</span></font></span><font face=Arial><span style='font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'><o:p></o:p></span></font></li><li class=MsoNormal style='color:black;mso-list:l3 level1 lfo1;tab-stops:list .5in'><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'>Thunderbird versions prior to </span></font></span><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman";color:windowtext'>13</span></font></span><span class=apple-style-span><font size=2 face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'>.0</span></font></span><font face=Arial><span style='font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'><o:p></o:p></span></font></li><li class=MsoNormal style='color:black;mso-list:l3 level1 lfo1;tab-stops:list .5in'><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'>SeaMonkey versions prior to 2.</span></font></span><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman";color:windowtext'>10</span></font></span><font face=Arial><span style='font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'><o:p></o:p></span></font></li></ul><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:black'> <o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>RISK:</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>Government:</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><ul style='margin-top:0in' type=disc><li class=MsoNormal style='color:black;mso-list:l1 level1 lfo2;tab-stops:list .5in'><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'>Large and medium government entities: <b><span style='font-weight:bold'>High</span></b></span></font></span><font face=Arial><span style='font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'><o:p></o:p></span></font></li><li class=MsoNormal style='color:black;mso-list:l1 level1 lfo2;tab-stops:list .5in'><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'>Small government entities: <b><span style='font-weight:bold'>High</span></b></span></font></span><font face=Arial><span style='font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'><o:p></o:p></span></font></li></ul><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:black'> <o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>Businesses:</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><ul style='margin-top:0in' type=disc><li class=MsoNormal style='color:black;mso-list:l2 level1 lfo3;tab-stops:list .5in'><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'>Large and medium business entities: <b><span style='font-weight:bold'>High</span></b></span></font></span><font face=Arial><span style='font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'><o:p></o:p></span></font></li><li class=MsoNormal style='color:black;mso-list:l2 level1 lfo3;tab-stops:list .5in'><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'>Small business entities: <b><span style='font-weight:bold'>High</span></b> </span></font></span><font face=Arial><span style='font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'><o:p></o:p></span></font></li></ul><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:black'> <o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>Home users: High</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'> </span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>DESCRIPTION:</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. The details of these vulnerabilities are as follows:</span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'> </span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>Heap Buffer Overflow Vulnerability</span></font></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>A heap based buffer overflow vulnerability has been discovered which can be triggered when converting from Unicode to native character sets using the function 'utf16_to_osilatin1'. <span class=apple-style-span>Successful exploitation could result in remote code execution. Failed attacks may result in a denial of service condition.</span> (CVE-2012-1947)</span></font><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'> </span></font><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>Heap Buffer Overflow Vulnerability</span></font></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>A heap based buffer overflow vulnerability has been discovered in 'nsHTMLReflowState::CalculateHypotheticalBox' which occurs when a window is resized on a page with nested columns. <span class=apple-style-span>Successful exploitation could result in remote code execution. Failed attacks may result in a denial of service condition.</span> (CVE-2012-1941)</span></font><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:black'> <o:p></o:p></span></font></p><p class=MsoNormal><font size=2 color=black face=Arial><span lang=EN style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;mso-ansi-language:EN'>These vulnerabilities may be exploited if a user visits a maliciously crafted web page. </span></font><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>The page will consist of excessive data, memory addresses, machine code, and possibly NOP instructions. </span></font><font size=2 color=black face=Arial><span lang=EN style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;mso-ansi-language:EN'>Successful exploitation could result in an attacker executing arbitrary code in the context of the user running the affected application. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</span></font><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:black'> <o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>June 6 - UPDATED DESCRIPTION:</span></font></i></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:black'><o:p> </o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>Mozilla has issued </span></font></i></b></span><span class=apple-style-span><b><i><font size=2 color=black face=Arial><span style='font-size:10.5pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>MFSA 2012-34 which details additional vulnerabilities which are mitigated by the latest updates. The details of these vulnerabilities are as follows:</span></font></i></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'> </span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>Memory Corruption Vulnerability</span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>A remote memory corruption vulnerability has been discovered related to ‘methodjit/ImmutableSync.cpp’,</span></font></i></b><b><i><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'> </span></font></i></b><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>the ‘JSObject::makeDenseArraySlow’ function in js/src/jsarray.cpp, and other unknown components. <span class=apple-style-span>Successful exploitation could result in remote code execution. Failed attacks may result in a denial of service condition.</span> (CVE-2012-1938)</span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'> </span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>Memory Corruption Vulnerability</span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>A remote memory corruption vulnerability has been discovered related to an assertion failure in 'jsinfer.cpp' which could allow attackers to execute code. <span class=apple-style-span>Successful exploitation could result in remote code execution</span>. Failed attacks may result in a denial of service condition. Note that this issue only affects Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5. (CVE-2012-1939)</span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'> </span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>Memory Corruption Vulnerability</span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>An unspecified remote memory corruption vulnerability has been discovered which could allow attackers to execute<span class=apple-style-span> code via unknown vectors. Failed attacks may result in a denial of service condition.</span> (CVE-2012-1937)</span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'> </span></font><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>RECOMMENDATIONS:</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>We recommend the following actions be taken:</span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><ul style='margin-top:0in' type=disc><li class=MsoNormal style='color:black;mso-list:l0 level1 lfo4;tab-stops:list .5in'><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'>Upgrade vulnerable Mozilla products immediately after appropriate testing.</span></font></span><font face=Arial><span style='font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'><o:p></o:p></span></font></li><li class=MsoNormal style='color:black;mso-list:l0 level1 lfo4;tab-stops:list .5in'><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'>Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.</span></font></span><font face=Arial><span style='font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'><o:p></o:p></span></font></li><li class=MsoNormal style='color:black;mso-list:l0 level1 lfo4;tab-stops:list .5in'><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'>Do not open email attachments or click on URLs from unknown or untrusted sources.</span></font></span><font face=Arial><span style='font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'><o:p></o:p></span></font></li><li class=MsoNormal style='color:black;mso-list:l0 level1 lfo4;tab-stops:list .5in'><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'>Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.<b><span style='font-weight:bold'> </span></b></span></font></span><font face=Arial><span style='font-family:"Arial","sans-serif";mso-fareast-font-family:"Times New Roman"'><o:p></o:p></span></font></li></ul><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:black'> <o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>REFERENCES:</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'> </span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>Mozilla:</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'><a href="http://www.mozilla.org/security/announce/2012/mfsa2012-40.html" target="_blank">http://www.mozilla.org/security/announce/2012/mfsa2012-40.html</a></span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:black'> <o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>SecurityFocus:</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'><a href="http://www.securityfocus.com/bid/53791" target="_blank">http://www.securityfocus.com/bid/53791</a></span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'><a href="http://www.securityfocus.com/bid/53793" target="_blank">http://www.securityfocus.com/bid/53793</a></span></font></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'> </span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold'>CVE:</span></font></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947</a></span></font><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941</a></span></font><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'> </span></font><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>June 6 - UPDATED REFERENCES:</span></font></i></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'> </span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>Mozilla:</span></font></i></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'><a href="http://www.mozilla.org/security/announce/2012/mfsa2012-34.html">http://www.mozilla.org/security/announce/2012/mfsa2012-34.html</a></span></font></i></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'> </span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>SecurityFocus:</span></font></i></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'><a href="http://www.securityfocus.com/bid/53796">http://www.securityfocus.com/bid/53796</a></span></font></i></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'><a href="http://www.securityfocus.com/bid/53797">http://www.securityfocus.com/bid/53797</a></span></font></i></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'><a href="http://www.securityfocus.com/bid/53800">http://www.securityfocus.com/bid/53800</a></span></font></i></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'> </span></font></i></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><span class=apple-style-span><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'>CVE:</span></font></i></b></span><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938</a></span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939</a></span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoNormal><b><i><font size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;font-weight:bold;font-style:italic'><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937</a></span></font></i></b><font color=black face=Arial><span style='font-family:"Arial","sans-serif";color:black'><o:p></o:p></span></font></p><p class=MsoPlainText><font size=2 face=Arial><span style='font-size:10.5pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></font></p><p class=MsoPlainText><font size=2 face=Arial><span style='font-size:10.5pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></font></p><p class=MsoNormal><font size=2 face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></font></p><div><p class=MsoPlainText><font size=2 face=Arial><span style='font-size:10.5pt;font-family:"Arial","sans-serif"'>Arizona Statewide Infrastructure Protection Center (SIPC)<o:p></o:p></span></font></p><p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.5pt;font-family:"Arial","sans-serif"'>100 N. 15th Avenue Suite 400<o:p></o:p></span></font></p><p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.5pt;font-family:"Arial","sans-serif"'>Phone: 602-542-2252 <o:p></o:p></span></font></p><p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.5pt;font-family:"Arial","sans-serif"'>Email: </span></font><font face=Arial><span style='font-family:"Arial","sans-serif"'><a href="mailto:SIPC@AZDOA.GOV"><font size=2><span style='font-size:10.5pt'>SIPC@AZDOA.GOV</span></font></a><o:p></o:p></span></font></p><p class=MsoNormal><font size=2 face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></font></p><p class=MsoNormal><font size=2 color=black face=Arial><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:black'>This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.</span></font><span class=apple-style-span><font color="#1f497d"><span style='color:#1F497D'><o:p></o:p></span></font></span></p><p class=MsoNormal><font size=2 face=Calibri><span style='font-size:10.5pt'><o:p> </o:p></span></font></p></div><p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'><o:p> </o:p></span></font></p></div></body></html>