Mccr8

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 45.0 Firefox ESR versions prior to 38.7 **Description** The issue is caused by buffer overflow, leading to multiple vulnerabilities in the browser engine. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service, such as memory corruption or application crash, or possibly execute arbitrary code. **Recommendations** For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR versions prior to 38.7, update to version 38.7 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 21.0 Firefox ESR 17.x versions prior to 17.0.6 Thunderbird versions prior to 17.0.6 Thunderbird ESR 17.x versions prior to 17.0.6 **Description** A use-after-free issue in the `nsContentUtils::RemoveScriptBlocker` function allows remote attackers to execute arbitrary code or cause a denial of service due to heap memory corruption via unspecified vectors. **Recommendations** For Mozilla Firefox versions prior to 21.0, update to version 21.0 or later. For Firefox ESR 17.x versions prior to 17.0.6, update to version 17.0.6 or later. For Thunderbird versions prior to 17.0.6, update to version 17.0.6 or later. For Thunderbird ESR 17.x versions prior to 17.0.6, update to version 17.0.6 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 10.x through 10.0 Thunderbird versions 10.x through 10.0 SeaMonkey version 2.7 **Description** The issue is related to a use-after-free vulnerability that can be triggered by vectors causing failure of an `nsXBLDocumentInfo::ReadPrototypeBindings` function call. This is tied to the cycle collector's access to a hash table containing a stale XBL binding, potentially allowing remote attackers to cause a denial of service or possibly execute arbitrary code. **Recommendations** For Mozilla Firefox versions 10.x through 10.0, update to version 10.0.1 or later. For Thunderbird versions 10.x through 10.0, update to version 10.0.1 or later. For SeaMonkey version 2.7, update to a version that includes the fix for this issue.