Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 13.0 (excluding) |
| Seamonkey | Mozilla | * | 2.10 (excluding) |
| Thunderbird | Mozilla | * | 13.0 (excluding) |
| Red Hat Enterprise Linux 5 | RedHat | firefox-0:10.0.5-1.el5_8 | * |
| Red Hat Enterprise Linux 5 | RedHat | xulrunner-0:10.0.5-1.el5_8 | * |
| Red Hat Enterprise Linux 5 | RedHat | thunderbird-0:10.0.5-2.el5_8 | * |
| Red Hat Enterprise Linux 6 | RedHat | firefox-0:10.0.5-1.el6_2 | * |
| Red Hat Enterprise Linux 6 | RedHat | xulrunner-0:10.0.5-1.el6_2 | * |
| Red Hat Enterprise Linux 6 | RedHat | thunderbird-0:10.0.5-2.el6_2 | * |
| Firefox | Ubuntu | hardy | * |
| Firefox | Ubuntu | lucid | * |
| Firefox | Ubuntu | natty | * |
| Firefox | Ubuntu | oneiric | * |
| Firefox | Ubuntu | precise | * |
| Firefox | Ubuntu | upstream | * |
| Seamonkey | Ubuntu | hardy | * |
| Seamonkey | Ubuntu | lucid | * |
| Seamonkey | Ubuntu | natty | * |
| Seamonkey | Ubuntu | oneiric | * |
| Thunderbird | Ubuntu | hardy | * |
| Thunderbird | Ubuntu | lucid | * |
| Thunderbird | Ubuntu | natty | * |
| Thunderbird | Ubuntu | oneiric | * |
| Thunderbird | Ubuntu | precise | * |
| Thunderbird | Ubuntu | upstream | * |
| Xulrunner-1.9.2 | Ubuntu | hardy | * |
| Xulrunner-1.9.2 | Ubuntu | lucid | * |
| Xulrunner-1.9.2 | Ubuntu | natty | * |
| Xulrunner-2.0 | Ubuntu | natty | * |
References
- http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html
- http://rhn.redhat.com/errata/RHSA-2012-0710.html
- http://rhn.redhat.com/errata/RHSA-2012-0715.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
- http://www.mozilla.org/security/announce/2012/mfsa2012-34.html
- http://www.securityfocus.com/bid/53796
- https://bugzilla.mozilla.org/show_bug.cgi?id=670317
- https://bugzilla.mozilla.org/show_bug.cgi?id=699594
- https://bugzilla.mozilla.org/show_bug.cgi?id=708688
- https://bugzilla.mozilla.org/show_bug.cgi?id=716067
- https://bugzilla.mozilla.org/show_bug.cgi?id=718852
- https://bugzilla.mozilla.org/show_bug.cgi?id=723773
- https://bugzilla.mozilla.org/show_bug.cgi?id=723971
- https://bugzilla.mozilla.org/show_bug.cgi?id=730415
- https://bugzilla.mozilla.org/show_bug.cgi?id=736012
- https://bugzilla.mozilla.org/show_bug.cgi?id=748948
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17058
- http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html
- http://rhn.redhat.com/errata/RHSA-2012-0710.html
- http://rhn.redhat.com/errata/RHSA-2012-0715.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
- http://www.mozilla.org/security/announce/2012/mfsa2012-34.html
- http://www.securityfocus.com/bid/53796
- https://bugzilla.mozilla.org/show_bug.cgi?id=670317
- https://bugzilla.mozilla.org/show_bug.cgi?id=699594
- https://bugzilla.mozilla.org/show_bug.cgi?id=708688
- https://bugzilla.mozilla.org/show_bug.cgi?id=716067
- https://bugzilla.mozilla.org/show_bug.cgi?id=718852
- https://bugzilla.mozilla.org/show_bug.cgi?id=723773
- https://bugzilla.mozilla.org/show_bug.cgi?id=723971
- https://bugzilla.mozilla.org/show_bug.cgi?id=730415
- https://bugzilla.mozilla.org/show_bug.cgi?id=736012
- https://bugzilla.mozilla.org/show_bug.cgi?id=748948
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17058