Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| http://secunia.com/advisories/50904 | third party advisory broken link |
| http://secunia.com/advisories/50984 | third party advisory broken link |
| http://secunia.com/advisories/50935 | third party advisory broken link |
| https://bugzilla.mozilla.org/show_bug.cgi?id=783867 | issue tracking vendor advisory |
| http://secunia.com/advisories/50856 | third party advisory broken link |
| http://secunia.com/advisories/50892 | third party advisory broken link |
| http://osvdb.org/86097 | vdb entry broken link |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16814 | vdb entry third party advisory signature |
| http://www.mozilla.org/security/announce/2012/mfsa2012-80.html | vendor advisory |
| http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html | mailing list third party advisory vendor advisory |
| http://www.ubuntu.com/usn/USN-1611-1 | third party advisory vendor advisory |