CVE-2012-0463

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 4.x through 10.0 Mozilla Firefox version 3.6.28 and earlier Firefox ESR 10.x versions prior to 10.0.3 Thunderbird versions 5.0 through 10.0 Thunderbird version 3.1.20 and earlier Thunderbird ESR 10.x versions prior to 10.0.3 SeaMonkey version 2.8 and earlier

Description The nsWindow implementation in the browser engine does not check the validity of an instance after event dispatching, allowing remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android.

Recommendations For Mozilla Firefox versions 4.x through 10.0, update to version 10.0.3 or later. For Mozilla Firefox version 3.6.28 and earlier, update to version 3.6.28 or later. For Firefox ESR 10.x versions prior to 10.0.3, update to version 10.0.3 or later. For Thunderbird versions 5.0 through 10.0, update to version 10.0.3 or later. For Thunderbird version 3.1.20 and earlier, update to version 3.1.20 or later. For Thunderbird ESR 10.x versions prior to 10.0.3, update to version 10.0.3 or later. For SeaMonkey version 2.8 and earlier, update to version 2.8 or later.