Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1974 Use-After-Free Memory Corruption Vulnerability

Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a remote memory-corruption vulnerability due to a use-after-free condition.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue is fixed in:

Firefox 15
Firefox ESR 10.0.7
Thunderbird 15
Thunderbird ESR 10.0.7
SeaMonkey 2.12

Note: This issue was previously discussed in BID 55249 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2012-58 through -72 Multiple Vulnerabilities) but has been moved to its own record to better document it.


Privacy Statement
Copyright 2010, SecurityFocus