Crussell

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 15.0 Firefox ESR versions prior to 10.0.7 Thunderbird versions prior to 15.0 Thunderbird ESR versions prior to 10.0.7 **Description** The issue allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. This is achieved by injecting code and triggering an eval operation. **Recommendations** For Mozilla Firefox versions prior to 15.0, update to version 15.0 or later. For Firefox ESR versions prior to 10.0.7, update to version 10.0.7 or later. For Thunderbird versions prior to 15.0, update to version 15.0 or later. For Thunderbird ESR versions prior to 10.0.7, update to version 10.0.7 or later.