Bill Keese

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 13.0 Firefox ESR versions 10.x before 10.0.6 Thunderbird versions 5.0 through 13.0 Thunderbird ESR versions 10.x before 10.0.6 SeaMonkey versions prior to 2.11 **Description** The issue is related to a use-after-free vulnerability in the JSDependentString::undepend function. This vulnerability can be exploited by remote attackers to cause a denial of service, resulting in memory corruption, or possibly execute arbitrary code. The exploitation involves vectors related to strings with multiple dependencies. **Recommendations** For Mozilla Firefox versions 4.x through 13.0, update to a version later than 13.0. For Firefox ESR versions 10.x before 10.0.6, update to version 10.0.6 or later. For Thunderbird versions 5.0 through 13.0, update to a version later than 13.0. For Thunderbird ESR versions 10.x before 10.0.6, update to version 10.0.6 or later. For SeaMonkey versions prior to 2.11, update to version 2.11 or later.