CVE-2012-1947

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 4.x through 12.0 Mozilla Firefox ESR versions 10.x before 10.0.5 Thunderbird versions 5.0 through 12.0 Thunderbird ESR versions 10.x before 10.0.5 SeaMonkey versions prior to 2.10

Description The issue is related to a heap-based buffer overflow in the utf16 to isolatin1 function. This allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For Mozilla Firefox versions 4.x through 12.0, update to a version after 12.0. For Mozilla Firefox ESR versions 10.x before 10.0.5, update to version 10.0.5 or later. For Thunderbird versions 5.0 through 12.0, update to a version after 12.0. For Thunderbird ESR versions 10.x before 10.0.5, update to version 10.0.5 or later. For SeaMonkey versions prior to 2.10, update to version 2.10 or later.