Henrik Skupin

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.7 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved through a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog. The attack also triggers attempted removal of an observer from an empty observers array, specifically in the nsObserverList::FillObserverArray function. **Recommendations** For versions prior to 3.5.7, update to version 3.5.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.5.x through 3.5.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code. This is related to the `TraceRecorder::snapshot` function in `js/src/jstracer.cpp` and other unspecified vectors. **Recommendations** For Mozilla Firefox versions 3.5.x through 3.5.1, update to version 3.5.2 or later to resolve the issue.