CVE-2012-0454

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 4.x through 10.0 Firefox ESR versions 10.x before 10.0.3 Thunderbird versions 5.0 through 10.0 Thunderbird ESR versions 10.x before 10.0.3 SeaMonkey version before 2.8

Description The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown QueryService function in the Windows shlwapi.dll library.

Recommendations For Mozilla Firefox versions 4.x through 10.0, update to a version after 10.0. For Firefox ESR versions 10.x before 10.0.3, update to version 10.0.3 or later. For Thunderbird versions 5.0 through 10.0, update to a version after 10.0. For Thunderbird ESR versions 10.x before 10.0.3, update to version 10.0.3 or later. For SeaMonkey version before 2.8, update to version 2.8 or later.