Regenrecht

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 32.0 Mozilla Firefox ESR versions 24.x prior to 24.8 and 31.x prior to 31.1 Thunderbird versions 24.x prior to 24.8 and 31.x prior to 31.1 **Description** The issue allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. This occurs due to a use-after-free vulnerability in DirectionalityUtils.cpp. **Recommendations** For Mozilla Firefox versions prior to 32.0, update to version 32.0 or later. For Mozilla Firefox ESR versions 24.x prior to 24.8, update to version 24.8 or later. For Mozilla Firefox ESR versions 31.x prior to 31.1, update to version 31.1 or later. For Thunderbird versions 24.x prior to 24.8, update to version 24.8 or later. For Thunderbird versions 31.x prior to 31.1, update to version 31.1 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 18.0 Firefox ESR versions prior to 17.0.2 Thunderbird versions prior to 17.0.2 Thunderbird ESR versions prior to 17.0.2 SeaMonkey versions prior to 2.15 **Description** The issue is related to a use-after-free vulnerability in the `obj toSource` function. This vulnerability allows remote attackers to execute arbitrary code via a crafted web page that references JavaScript Proxy objects not properly handled during garbage collection. **Recommendations** For Mozilla Firefox versions prior to 18.0, update to version 18.0 or later. For Firefox ESR versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird ESR versions prior to 17.0.2, update to version 17.0.2 or later. For SeaMonkey versions prior to 2.15, update to version 2.15 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 18.0 Firefox ESR versions prior to 17.0.2 Thunderbird versions prior to 17.0.2 Thunderbird ESR versions prior to 17.0.2 SeaMonkey versions prior to 2.15 **Description** The issue is related to a use-after-free vulnerability in the mozVibrate implementation in the Vibrate library. This allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer. **Recommendations** For Mozilla Firefox versions prior to 18.0, update to version 18.0 or later. For Firefox ESR versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird ESR versions prior to 17.0.2, update to version 17.0.2 or later. For SeaMonkey versions prior to 2.15, update to version 2.15 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 18.0 Firefox ESR versions prior to 10.0.12 and prior to 17.0.2 Thunderbird versions prior to 17.0.2 Thunderbird ESR versions prior to 10.0.12 and prior to 17.0.2 SeaMonkey versions prior to 2.15 **Description** The issue allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects. This is related to a use-after-free vulnerability in the ListenerManager implementation. **Recommendations** For Mozilla Firefox versions prior to 18.0, update to version 18.0 or later. For Firefox ESR versions prior to 10.0.12, update to version 10.0.12 or later. For Firefox ESR versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird ESR versions prior to 10.0.12, update to version 10.0.12 or later. For Thunderbird ESR versions prior to 17.0.2, update to version 17.0.2 or later. For SeaMonkey versions prior to 2.15, update to version 2.15 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 18.0 Firefox ESR versions prior to 10.0.12 and prior to 17.0.2 Thunderbird versions prior to 17.0.2 Thunderbird ESR versions prior to 10.0.12 and prior to 17.0.2 SeaMonkey versions prior to 2.15 **Description** The issue is related to a use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component. This allows remote attackers to execute arbitrary code via crafted web content. **Recommendations** For Mozilla Firefox versions prior to 18.0, update to version 18.0 or later. For Firefox ESR versions prior to 10.0.12, update to version 10.0.12 or later. For Firefox ESR versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird ESR versions prior to 10.0.12, update to version 10.0.12 or later. For Thunderbird ESR versions prior to 17.0.2, update to version 17.0.2 or later. For SeaMonkey versions prior to 2.15, update to version 2.15 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 8.0 Thunderbird versions 5.0 through 8.0 SeaMonkey versions prior to 2.6 **Description** The issue is related to a use-after-free vulnerability in the `nsHTMLSelectElement` function. This vulnerability allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element. **Recommendations** For Mozilla Firefox versions 4.x through 8.0, update to a version later than 8.0 to resolve the issue. For Thunderbird versions 5.0 through 8.0, update to a version later than 8.0 to resolve the issue. For SeaMonkey versions prior to 2.6, update to version 2.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.6.20 Mozilla Firefox versions 4.x through 5 Thunderbird versions 3.x prior to 3.1.12 Thunderbird versions prior to 6 SeaMonkey versions 2.x prior to 2.3 **Description** The issue arises from the improper handling of SVG text by the `SVGTextElement.getCharNumAtPosition` function, allowing remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." **Recommendations** For Mozilla Firefox versions prior to 3.6.20, update to version 3.6.20 or later. For Mozilla Firefox versions 4.x through 5, update to a version later than 5. For Thunderbird versions 3.x prior to 3.1.12, update to version 3.1.12 or later. For Thunderbird versions prior to 6, update to version 6 or later. For SeaMonkey versions 2.x prior to 2.3, update to version 2.3 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.6.18 Thunderbird versions prior to 3.1.11 SeaMonkey versions prior to 2.0.15 **Description** The issue is related to a use-after-free vulnerability in the implementation of SVG element lists, specifically in the nsSVGPointList::AppendElement function. This vulnerability can be exploited by remote attackers to cause a denial of service, resulting in an application crash, or possibly to execute arbitrary code. The exploitation involves vectors with a user-supplied callback. **Recommendations** For Mozilla Firefox versions prior to 3.6.18, update to version 3.6.18 or later. For Thunderbird versions prior to 3.1.11, update to version 3.1.11 or later. For SeaMonkey versions prior to 2.0.15, update to version 2.0.15 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.6.18 Thunderbird versions prior to 3.1.11 SeaMonkey versions prior to 2.0.15 **Description** The issue allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater, leveraging a use-after-free vulnerability in the nsXULCommandDispatcher function. **Recommendations** For Mozilla Firefox versions prior to 3.6.18, update to version 3.6.18 or later. For Thunderbird versions prior to 3.1.11, update to version 3.1.11 or later. For SeaMonkey versions prior to 2.0.15, update to version 2.0.15 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.19 Mozilla Firefox versions 3.6.x prior to 3.6.17 SeaMonkey versions prior to 2.0.14 **Description** The issue allows remote attackers to execute arbitrary code via vectors related to OBJECT's `mObserverList`. This is a use-after-free vulnerability. **Recommendations** For Mozilla Firefox versions prior to 3.5.19, update to version 3.5.19 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.17, update to version 3.6.17 or later. For SeaMonkey versions prior to 2.0.14, update to version 2.0.14 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.19 Mozilla Firefox versions 3.6.x prior to 3.6.17 SeaMonkey versions prior to 2.0.14 **Description** The issue is related to the improper use of nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." **Recommendations** For Mozilla Firefox versions prior to 3.5.19, update to version 3.5.19 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.17, update to version 3.6.17 or later. For SeaMonkey versions prior to 2.0.14, update to version 2.0.14 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.16 Mozilla Firefox versions 3.6.x prior to 3.6.13 SeaMonkey versions prior to 2.0.11 **Description** The issue is related to an integer overflow in the NewIdArray function, which allows remote attackers to execute arbitrary code via a JavaScript array with many elements. **Recommendations** For Mozilla Firefox versions prior to 3.5.16, update to version 3.5.16 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.13, update to version 3.6.13 or later. For SeaMonkey versions prior to 2.0.11, update to version 2.0.11 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.16 Mozilla Firefox versions 3.6.x prior to 3.6.13 SeaMonkey versions prior to 2.0.11 **Description** The issue involves a use-after-free vulnerability that can be exploited by remote attackers to execute arbitrary code. This is achieved through vectors involving a change to an `nsDOMAttribute` node. **Recommendations** For Mozilla Firefox versions prior to 3.5.16, update to version 3.5.16 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.13, update to version 3.6.13 or later. For SeaMonkey versions prior to 2.0.11, update to version 2.0.11 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.14 Mozilla Firefox versions 3.6.x prior to 3.6.11 Thunderbird versions prior to 3.0.9 Thunderbird versions 3.1.x prior to 3.1.5 SeaMonkey versions prior to 2.0.9 **Description** The issue arises from the LookupGetterOrSetter function in js3250.dll, which does not properly handle `window. lookupGetter ` function calls without arguments. This can be exploited by remote attackers to execute arbitrary code or cause a denial of service through incorrect pointer dereference and application crash, involving a "dangling pointer" and the `JS ValueToId` function. **Recommendations** For Mozilla Firefox versions prior to 3.5.14, update to version 3.5.14 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.11, update to version 3.6.11 or later. For Thunderbird versions prior to 3.0.9, update to version 3.0.9 or later. For Thunderbird versions 3.1.x prior to 3.1.5, update to version 3.1.5 or later. For SeaMonkey versions prior to 2.0.9, update to version 2.0.9 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.12 Mozilla Firefox versions 3.6.x prior to 3.6.9 Thunderbird versions prior to 3.0.7 Thunderbird versions 3.1.x prior to 3.1.3 SeaMonkey versions prior to 2.0.7 **Description** The issue is related to a dangling pointer vulnerability, where the nsTreeContentView function does not properly handle node removal in XUL trees. This allows remote attackers to execute arbitrary code via vectors involving access to deleted memory. **Recommendations** For Mozilla Firefox versions prior to 3.5.12, update to version 3.5.12 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.9, update to version 3.6.9 or later. For Thunderbird versions prior to 3.0.7, update to version 3.0.7 or later. For Thunderbird versions 3.1.x prior to 3.1.3, update to version 3.1.3 or later. For SeaMonkey versions prior to 2.0.7, update to version 2.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.12 Mozilla Firefox versions 3.6.x prior to 3.6.9 Thunderbird versions prior to 3.0.7 Thunderbird versions 3.1.x prior to 3.1.3 SeaMonkey versions prior to 2.0.7 **Description** The issue is related to a use-after-free vulnerability in the `nsTreeSelection` function, which might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection. This is due to a "dangling pointer vulnerability" and is a result of an incomplete fix for a previous issue. **Recommendations** For Mozilla Firefox versions prior to 3.5.12, update to version 3.5.12 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.9, update to version 3.6.9 or later. For Thunderbird versions prior to 3.0.7, update to version 3.0.7 or later. For Thunderbird versions 3.1.x prior to 3.1.3, update to version 3.1.3 or later. For SeaMonkey versions prior to 2.0.7, update to version 2.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.5.x through 3.5.10 Mozilla Firefox versions 3.6.x through 3.6.6 SeaMonkey versions prior to 2.0.6 **Description** A use-after-free issue in the attribute-cloning functionality of the DOM implementation allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count. **Recommendations** For Mozilla Firefox versions 3.5.x through 3.5.10, update to version 3.5.11 or later. For Mozilla Firefox versions 3.6.x through 3.6.6, update to version 3.6.7 or later. For SeaMonkey versions prior to 2.0.6, update to version 2.0.6 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.5.x through 3.5.10 Mozilla Firefox versions 3.6.x through 3.6.6 SeaMonkey versions prior to 2.0.6 **Description** A use-after-free issue in the NodeIterator implementation allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback. **Recommendations** For Mozilla Firefox versions 3.5.x through 3.5.10, update to version 3.5.11 or later. For Mozilla Firefox versions 3.6.x through 3.6.6, update to version 3.6.7 or later. For SeaMonkey versions prior to 2.0.6, update to version 2.0.6 or later.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions prior to 10.6.4 **Description** The issue is related to an integer overflow in the cgtexttops CUPS filter in Printing, which allows remote attackers to execute arbitrary code or cause a denial of service, such as an application crash, via vectors related to page sizes. **Recommendations** For Mac OS X versions prior to 10.6.4, update to version 10.6.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CUPS versions prior to 1.4.4 **Description** The issue is related to the WriteProlog function in texttops.c in the Text Filter subsystem, which does not check the return values of certain calloc calls. This allows remote attackers to cause a denial of service, such as a NULL pointer dereference or heap memory corruption, or possibly execute arbitrary code via a crafted file. **Recommendations** For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue.