Ms2Ger

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 24.0 Firefox ESR versions prior to 17.0.9 Thunderbird versions prior to 24.0 Thunderbird ESR versions prior to 17.0.9 SeaMonkey versions prior to 2.21 **Description** The issue allows remote attackers to execute arbitrary code by leveraging incorrect scope handling for JavaScript objects with compartments. **Recommendations** For Mozilla Firefox versions prior to 24.0, update to version 24.0 or later. For Firefox ESR versions prior to 17.0.9, update to version 17.0.9 or later. For Thunderbird versions prior to 24.0, update to version 24.0 or later. For Thunderbird ESR versions prior to 17.0.9, update to version 17.0.9 or later. For SeaMonkey versions prior to 2.21, update to version 2.21 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 21.0 Firefox ESR 17.x versions prior to 17.0.6 Thunderbird versions prior to 17.0.6 Thunderbird ESR 17.x versions prior to 17.0.6 **Description** The issue allows remote attackers to obtain sensitive information from process memory via a crafted web site, due to improper initialization of data structures for the `nsDOMSVGZoomEvent::mPreviousScale` and `nsDOMSVGZoomEvent::mNewScale` functions. **Recommendations** For Mozilla Firefox versions prior to 21.0, update to version 21.0 or later. For Firefox ESR 17.x versions prior to 17.0.6, update to version 17.0.6 or later. For Thunderbird versions prior to 17.0.6, update to version 17.0.6 or later. For Thunderbird ESR 17.x versions prior to 17.0.6, update to version 17.0.6 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 16.0 Thunderbird versions prior to 16.0 SeaMonkey versions prior to 2.13 **Description** The issue arises from improper casting of an unspecified variable when using the instanceof operator on a JavaScript object. This can be exploited by remote attackers via a crafted web site, potentially leading to the execution of arbitrary code or a denial of service due to an assertion failure. **Recommendations** For Mozilla Firefox versions prior to 16.0, update to version 16.0 or later. For Thunderbird versions prior to 16.0, update to version 16.0 or later. For SeaMonkey versions prior to 2.13, update to version 2.13 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 11.0 Mozilla Firefox ESR versions 10.x before 10.0.4 Thunderbird versions 5.0 through 11.0 Thunderbird ESR versions 10.x before 10.0.4 SeaMonkey versions prior to 2.9 **Description** The issue is related to the texImage2D implementation in the WebGL subsystem, which does not properly restrict JSVAL TO OBJECT casts. This could allow remote attackers to execute arbitrary code via a crafted web page. **Recommendations** For Mozilla Firefox versions 4.x through 11.0, update to a version after 11.0. For Mozilla Firefox ESR versions 10.x before 10.0.4, update to version 10.0.4 or later. For Thunderbird versions 5.0 through 11.0, update to a version after 11.0. For Thunderbird ESR versions 10.x before 10.0.4, update to version 10.0.4 or later. For SeaMonkey versions prior to 2.9, update to version 2.9 or later.