Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox_esr | Mozilla | 10.0 (including) | 10.0 (including) |
Firefox_esr | Mozilla | 10.0.1 (including) | 10.0.1 (including) |
Firefox_esr | Mozilla | 10.0.2 (including) | 10.0.2 (including) |
Firefox_esr | Mozilla | 10.0.3 (including) | 10.0.3 (including) |
Firefox_esr | Mozilla | 10.0.4 (including) | 10.0.4 (including) |
Firefox_esr | Mozilla | 10.0.5 (including) | 10.0.5 (including) |
Firefox_esr | Mozilla | 10.0.6 (including) | 10.0.6 (including) |