Smaug

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 41.0 Mozilla Firefox ESR versions 38.x prior to 38.3 **Description** The issue is caused by buffer overflow, allowing a remote attacker to potentially execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash. **Recommendations** For Mozilla Firefox versions prior to 41.0, update to version 41.0 or later. For Mozilla Firefox ESR versions 38.x prior to 38.3, update to version 38.3 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 21.0 Firefox ESR 17.x versions prior to 17.0.6 Thunderbird versions prior to 17.0.6 Thunderbird ESR 17.x versions prior to 17.0.6 **Description** A use-after-free issue in the `nsContentUtils::RemoveScriptBlocker` function allows remote attackers to execute arbitrary code or cause a denial of service due to heap memory corruption via unspecified vectors. **Recommendations** For Mozilla Firefox versions prior to 21.0, update to version 21.0 or later. For Firefox ESR 17.x versions prior to 17.0.6, update to version 17.0.6 or later. For Thunderbird versions prior to 17.0.6, update to version 17.0.6 or later. For Thunderbird ESR 17.x versions prior to 17.0.6, update to version 17.0.6 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.5.x through 3.5.13 Mozilla Firefox versions 3.6.x through 3.6.10 Thunderbird versions 3.0.x through 3.0.8 Thunderbird versions 3.1.x through 3.1.4 SeaMonkey versions 2.0.x through 2.0.8 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions 3.5.x through 3.5.13, update to version 3.5.14 or later. For Mozilla Firefox versions 3.6.x through 3.6.10, update to version 3.6.11 or later. For Thunderbird versions 3.0.x through 3.0.8, update to version 3.0.9 or later. For Thunderbird versions 3.1.x through 3.1.4, update to version 3.1.5 or later. For SeaMonkey versions 2.0.x through 2.0.8, update to version 2.0.9 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.12 Mozilla Firefox versions 3.6.x prior to 3.6.9 Thunderbird versions prior to 3.0.7 Thunderbird versions 3.1.x prior to 3.1.3 SeaMonkey versions prior to 2.0.7 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 3.5.12, update to version 3.5.12 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.9, update to version 3.6.9 or later. For Thunderbird versions prior to 3.0.7, update to version 3.0.7 or later. For Thunderbird versions 3.1.x prior to 3.1.3, update to version 3.1.3 or later. For SeaMonkey versions prior to 2.0.7, update to version 2.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.0.12 Thunderbird (affected versions not specified) libmozjs1d-dbg (affected versions not specified) libmozjs1d (affected versions not specified) libmozjs-dev (affected versions not specified) libmozillainterfaces-java (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code via various vectors related to the browser engine, including the frame chain, synchronous events, and other components. Exploitation of the vulnerabilities may lead to disruption of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely. **Recommendations** For Mozilla Firefox versions prior to 3.0.12, update to version 3.0.12 or later. For Thunderbird, libmozjs1d-dbg, libmozjs1d, libmozjs-dev, and libmozillainterfaces-java, at the moment, there is no information about a newer version that contains a fix for this vulnerability.